tech_notes

A collection of notes on setups and implementations.

arch_install.md (4067B)


      1 # Arch install
      2 
      3 The following is based on [this](https://archive.0x00sec.org/t/arch-linux-with-lvm-on-luks-dm-crypt-disk-encryption-installation-guide-legacy-bios-system/1479) blog entry.
      4 This installation method was tested on Lenovo's X200s and T420.
      5 
      6 We assume a working ethernet connection.
      7 After booting into the Arch Linux USB stick, we enable network time synchronisation:
      8 
      9 ```console
     10 # timedatectl set-ntp true
     11 ```
     12 
     13 Then, we create an MSDOS partition table with two partitions:
     14 the first one will be boot while the second one will be encrypted and contain root and home.
     15 We leave 1MB free before the boot partition.[^1]
     16 Since we will use a swap file, no swap partition will be necessary for us.
     17 
     18 [^1]: According to the ArchWiki, neither the 1MB nor a separate boot partition seems to be necessary(?). I have not tested this and simply present a setup that worked for me.
     19 
     20 For simplicity, we will assume installation on /dev/sda.
     21 Using parted, the commands are
     22 
     23 ```console
     24 # parted /dev/sda
     25 ```
     26 
     27 ```bash
     28 (parted) select /dev/sda
     29 (parted) mklabel msdos
     30 (parted) mkpart primary ext2 1MB 512MB
     31 (parted) mkpart primary ext4 512MB 100%
     32 (parted) set 1 boot on
     33 (parted) quit
     34 ```
     35 
     36 Then, we encrypt the second partition and give it the name "crypt":
     37 
     38 ```console
     39 # cryptsetup luksFormat /dev/sda2
     40 # cryptsetup open /dev/sda2 crypt
     41 ```
     42 
     43 We initialise a physical volume with a volume group "vg":
     44 
     45 ```console
     46 # pvcreate /dev/mapper/crypt
     47 # vgcreate vg /dev/mapper/crypt
     48 ```
     49 
     50 On the volume group, we create the root and home partitions as logical volumes:
     51 
     52 ```console
     53 # lvcreate -L 60G vg -n root
     54 # lvcreate -l 100%FREE vg -n home
     55 ```
     56 
     57 These logical volumes shall again have the filesystem ext4:
     58 
     59 ```console
     60 # mkfs.ext4 /dev/mapper/vg-root
     61 # mkfs.ext4 /dev/mapper/vg-home
     62 ```
     63 
     64 Then, we can perform the mounting:
     65 
     66 ```console
     67 # mount /dev/mapper/vg-root /mnt
     68 # mount -m /dev/mapper/vg-home /mnt/home
     69 # mount -m /dev/sda1 /mnt/boot
     70 ```
     71 
     72 We download the necessary (and useful) packages
     73 
     74 ```console
     75 # pacstrap /mnt base base-devel linux linux-firmware lvm2 vim man networkmanager grub
     76 ```
     77 
     78 and generate the file system table with
     79 
     80 ```console
     81 # genfstab -U /mnt >> /mnt/etc/fstab
     82 ```
     83 
     84 Finally, we dive into the new system:
     85 
     86 ```console
     87 # arch-chroot /mnt
     88 ```
     89 
     90 We link our timezone and set the clock:
     91 
     92 ```console
     93 # ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
     94 # hwclock --systohc
     95 ```
     96 
     97 Inside `/etc/locale.gen`, uncomment the regional settings you prefer, e.g. `de_CH.UTF-8`.
     98 After saving, execute
     99 
    100 ```console
    101 # locale-gen
    102 ```
    103 
    104 In `/etc/locale.conf`, set `LANG` to your preferred language, e.g. `LANG=en_US.UTF-8`.
    105 Then, write your preferred host name into `/etc/hostname`.
    106 
    107 Now comes a crucial part: inside the file `/etc/mkinitcpio.conf`, make sure the line defining the hooks is of the form (ordering matters!)
    108 
    109 ```cpp
    110 HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
    111 ```
    112 
    113 Install grub with
    114 
    115 ```console
    116 # grub-install /dev/sda
    117 ```
    118 
    119 Next, we need to tell grub which partition to decrypt and use as root.
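    120 For this, you can use the command `lsblk -f >> /etc/default/grub`, which appends a list of devices to the grub config file; copy the UUID from that list and delete the appended lines again, since `grub-mkconfig` reads this file as shell code.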
    121 Inside `/etc/default/grub`, ensure that the argument of `GRUB_CMDLINE_LINUX` is defined as
    122 
    123 ```cpp
    124 GRUB_CMDLINE_LINUX="cryptdevice=UUID=yourUUID:x root=/dev/mapper/vg-root"
    125 ```
    126 
    127 where yourUUID is the *UUID* of the device that shall be decrypted, i.e., here, `/dev/sda2`.
    128 Also, uncomment the line
    129 
    130 ```cpp
    131 GRUB_ENABLE_CRYPTODISK="y"
    132 ```
    133 
    134 We create the grub config file with
    135 
    136 ```console
    137 # grub-mkconfig -o /boot/grub/grub.cfg
    138 ```
    139 
    140 and generate an initial RAM disk for the boot process:
    141 
    142 ```console
    143 # mkinitcpio -P
    144 ```
    145 
    146 Finally, we set a root password, create a new user in the group wheel and give that user a password, too.
    147 
    148 ```console
    149 # passwd
    150 # useradd -m -G wheel julian
    151 # passwd julian
    152 ```
    153 
    154 Optionally, we can assign root privileges to all members of wheel by entering
    155 
    156 ```console
    157 # visudo
    158 ```
    159 
    160 and uncommenting the line
    161 
    162 ```cpp
    163 %wheel ALL=(ALL) ALL
    164 ```
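
Before rebooting, the three settings that decide whether the encrypted root can be unlocked can be checked from inside the chroot. The script below is an added example, not part of the original notes; its function names are hypothetical, and it assumes the hook order the ArchWiki gives for LVM on LUKS (`encrypt` before `lvm2` before `filesystems`).

```sh
#!/bin/sh
# Added example: pre-reboot checks for the LVM-on-LUKS setup on this page.
# Function names are hypothetical. Run inside the chroot as root, e.g.
#   sh precheck.sh /dev/sda2

# check_hooks FILE: HOOKS must list encrypt, then lvm2, then filesystems
# (assumed order, as the ArchWiki gives it for LVM on LUKS).
check_hooks() {
    hooks=$(sed -n 's/^HOOKS=(\(.*\)).*/\1/p' "$1" | tail -n 1)
    i=0 enc=-1 lvm=-1 fs=-1
    for h in $hooks; do
        case $h in
            encrypt) enc=$i ;;
            lvm2) lvm=$i ;;
            filesystems) fs=$i ;;
        esac
        i=$((i + 1))
    done
    [ "$enc" -ge 0 ] && [ "$lvm" -gt "$enc" ] && [ "$fs" -gt "$lvm" ]
}

# grub_crypt_uuid FILE: print the UUID named in cryptdevice=UUID=<uuid>:<name>
grub_crypt_uuid() {
    sed -n 's/^GRUB_CMDLINE_LINUX=.*cryptdevice=UUID=\([^: "]*\):.*/\1/p' "$1" |
        tail -n 1
}

# check_uuid FILE UUID: the configured UUID must equal the LUKS partition's.
check_uuid() {
    [ -n "$2" ] && [ "$(grub_crypt_uuid "$1")" = "$2" ]
}

# cfg_has_uuid FILE UUID: grub.cfg must have been regenerated after the edit.
cfg_has_uuid() {
    [ -n "$2" ] && grep -q "cryptdevice=UUID=$2:" "$1"
}

# Real run: pass the LUKS partition as the only argument.
if [ -n "${1:-}" ]; then
    uuid=$(blkid -s UUID -o value "$1")
    check_hooks /etc/mkinitcpio.conf || echo "mkinitcpio.conf: fix HOOKS order"
    check_uuid /etc/default/grub "$uuid" || echo "default/grub: UUID is not $1"
    cfg_has_uuid /boot/grub/grub.cfg "$uuid" || echo "grub.cfg: rerun grub-mkconfig"
fi
```

No output means all three checks passed; if `HOOKS` was changed, rerun `mkinitcpio -P` as well.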
    165 
    166 Then, it is time for a reboot and some luck :-)