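Simple instructions for an Arch install with encrypted root partition. Bootloader and kernel partitions aren't encrypted, so the kernel, initramfs and GRUB files can be modified by anyone with physical access to the disk: this layout protects data at rest, not boot integrity.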
Do whatever is necessary to be able to ping 1.1.1.1. iwctl for wi-fi as of today.
fdisk /dev/sdX
- 512MB EFI partition
- 512MB boot partition
- 100% FREE for LUKS
mkfs.vfat -F32 /dev/sdX1
mkfs.ext2 /dev/sdX2
This creates one partition for root, modify if /home or other partitions should be on separate partitions.
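# Cryptsetup
luksFormat destroys whatever is on the target, so confirm the device name (e.g. with lsblk) first. The passphrase you set here is the only secret protecting the volume, so choose a strong one.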
cryptsetup luksFormat /dev/sdX3
cryptsetup luksOpen /dev/sdX3 luks
# LVM2
pvcreate /dev/mapper/luks
vgcreate archvg /dev/mapper/luks
lvcreate --size 16G archvg --name swap
lvcreate -l +100%FREE archvg --name root
mkfs.ext4 /dev/archvg/root
mkswap /dev/archvg/swap
Then mount it:
swapon /dev/archvg/swap
mount /dev/archvg/root /mnt
mkdir /mnt/boot
mount /dev/sdX2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sdX1 /mnt/boot/efi
pacstrap /mnt linux linux-firmware lvm2 dhcpcd intel-ucode base base-devel grub-efi-x86_64 zsh vim git efibootmgr dialog
genfstab -pU /mnt >> /mnt/etc/fstab
vim /mnt/etc/fstab
Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD).
Make /tmp a ramdisk by adding the following line to /mnt/etc/fstab (since /tmp is world-writable, appending nosuid,nodev to the options is a common hardening):
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
arch-chroot /mnt /bin/bash
ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
hwclock --systohc --utc
echo MYHOSTNAME > /etc/hostname
echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf
Uncomment proper locale in /etc/locale.gen then:
locale-gen
passwd
vim /etc/mkinitcpio.conf
Add encrypt and lvm2 to HOOKS before filesystems.
mkinitcpio -p linux
grub-install
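vim /etc/default/grub
Set GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards".
allow-discards passes TRIM through the encrypted layer, which reveals to anyone reading the raw disk which blocks are unused; leave the option out if that matters more to you than SSD performance. /dev/sdX names can change between boots, so cryptdevice=UUID=<UUID of sdX3>:luks:allow-discards is the more robust form.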
grub-mkconfig -o /boot/grub/grub.cfg
You're all set, you can now reboot and log in as root to set up users and a graphical environment if you want one.