Go to file
2021-09-24 21:27:25 -05:00
README.md First commit 2021-09-24 21:27:25 -05:00

Artix Linux with Full Disk Encryption installation guide

This is a cheatsheet I made for myself to use it everytime I want to install Arch/Artix, or maybe even other distros like Gentoo or Slackware, the steps are very similar. You can PR suggestions or fixes if you want!

0. Backup your data

Every time you are going to mess around with partitions and hard drives, SSD's, etc. Always make sure to make a backup and test that backup to make sure that you are not losing your important data.

1. Make sure that you have an internet connection

If you want to avoid issues just plug in an ethernet cable and 99% times Internet will just work. If for some reason you need to use Wi-fi, for Arch, you can type this command to connect to your wifi:

# wifi-menu

but for Artix it's a little bit more tricky. You have to:

# connmanctl enable wifi 
# connmanctl scan wifi 
# connmanctl services 
# connmanctl connect [enter the code starting in "wifi_" that is assigned to the desired ssid here]

And then you can ping a website to make sure that you have an Internet connection.

# ping francoacg.com

2. Switch to the root user

If you are not root already, switch to the root user:

$ su -

On Artix, it will prompt for a password, which is artix

3. Check wether you are using UEFI or not

This will change just a couple of steps later

# ls /sys/firmware/efi/efivars

If you see a bunch of stuff comming out, you are using UEFI. If you see something like "No such file or directory", you are using BIOS. Keep that in mind for the next steps.

4. Identify your drive

Run

# fdisk -l

to list your devices. The one with the most capacity is likely the one where you want to install your OS. If you have a SATA drive, it will probably be /dev/sda or /dev/sdb. If you have an nVME drive, it will probably be /dev/nvme0n1. Be careful with this to make sure that you are going to use the right drive.

5. Drive format and partitioning

WARNING: If you want to dualboot (probably with Windows), you have to skip this step and do other steps instead, but we will not cover that in this guide for now. Again, make sure to chose the right drive. In my case, I will be using /dev/vda because I'm testing this on a virtual machine, but in your case it will probably be /dev/sda or /dev/nvme0n1. NOTE: If you don't have UEFI, just skip the EFI partitions steps

Start formatting the drive

# fdisk /dev/vda

Create a GPT partition. This is required if you have UEFI. On BIOS it doesn't really matter

Command (m for help): g

512M EFI partition

Command (m for help): n
Partition number (1-128, default 1):
First sector (...):
Last sector (...): +512M
Command (...): t
Partition type or alias (type L to list all): 1

512M BOOT partition

Command (m for help): n
Partition number (2-128, default 2):
First sector (...):
Last sector (...): +512M

LVM partition

Command (m for help): n
Partition number (3-128, default 3):
First sector (...):
Last sector (...):
Command (...): t
Partition number (1-3, default 3):
Partition type or alias (type L to list all): 30

Write changes

Command (...): w

Format the EFI partition

# mkfs.fat -F32 /dev/vda1

Format the BOOT partition

# mkfs.ext4 /dev/vda2

6. Setup encryption

Create the encrypted partition with a passphrase, then the LVM volume and partitions

# cryptsetup luksFormat /dev/vda3
# cryptsetup open --type luks /dev/vda3 lvm
# pvcreate --dataalignment 1m /dev/mapper/lvm
# vgcreate volgr0 /dev/mapper/lvm
# lvcreate -l 100%free volgr0 -n lv_root
# modprobe dm_mod
# vgscan
# vgchange -ay
# mkfs.ext4 /dev/volgr0/lv_root
# mount /dev/volgr0/lv_root /mnt
# mkdir /mnt/boot
# mount /dev/vda2 /mnt/boot

Generate the fstab with UUID Note: in Artix its fstabgen and in Arch its genfstab

# mkdir /mnt/etc
# fstabgen -U -p /mnt >> /mnt/etc/fstab

7. Actually installing the system

Note: pacstrap for Arch and basestrap for Artix Note: Replace <init> by your init system of choice or don't put any if you are on Arch (Systemd) Note: Don't put linux-firmware if you don't want proprietary drivers We can install all we need at once:

basestrap /mnt base base-devel linux linux-firmware <init> elogind-<init> cryptsetup networkmanager networkmanager-<init> wpa_supplicant wireless_tools lvm2 sudo grub efibootmgr dosfstools os-prober mtools vim 

Chroot to the installation. arch-chroot for Arch and artix-chroot for Artix

# artix-chroot /mnt

Enable networkmanager OpenRC:

# rc-update add NetworkManager

Runit:

# ln -s /etc/runit/sv/NetworkManager /etc/runit/runsvdir/default

Enable disk decryption at startup

/etc/mkinitcpio.conf

HOOKS=(base udev ... block encrypt lvm2 ...)

Apply changes

# mkinitcpo -P

Setup your server of preference. Just copy it at top like so

vim /etc/pacman.d/mirrorlist

Server = https://us-mirror.artixlinux.org/$repo/os/$arch

Setup the timezone

ln -sf /usr/share/zoneinfo/Your/Timezone /etc/localtime

Sync your hardware clock

hwclock --systohc

Configure your locale by uncommenting the lines that you want

/etc/locale.gen

en_US.UTF-8 UTF-8
en_US.ISO-8859-1

Generate the locale

# locale-gen

Put your locale at this file like so

/etc/locale.conf

LANG=en_US.UTF-8

Setup hostname

/etc/hostname

your-hostname

Setup hosts

/etc/hosts

127.0.0.1        localhost
::1              localhost
127.0.1.1        your-hostname.localdomain    your-hostname

Set the root password

# passwd

Create your user

# useradd -m -g users -G wheel <your-user>

Set the password for the created user

# passwd <your-user>

Give sudo privileges to the user by spawning visudo and uncomment the line

# EDITOR=vim visudo

%wheel ALL=(ALL) ALL

Install GRUB With UEFI

# mkdir /boot/EFI
# mount /dev/vda1 /boot/EFI
# grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck

With BIOS

# grub-install --target=i386-pc --recheck /dev/vda

Set the locale for GRUB

# mkdir /boot/grub/locale
# cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo

Enable encryption for GRUB by uncommenting GRUB_ENABLE_CRYPTODISK=y and adding cryptdevice=UUID=<uuid-of-/dev/vda3>:volgr0:allow-discards to the kernel parameters Get partition UUID:

# blkid /dev/vda3
/etc/default/grub

GRUB_CMDLINE_LINUX="cryptdevice=UUID=<uuid>:cryptlvm root=/dev/volgr0/lv_root"
GRUB_ENABLE_CRYPTODISK=y

Save the config

# grub-mkconfig -o /boot/grub/grub.cfg

Now you can finally reboot!

8. Post installation

  • Display manager: lightdm
  • xorg: pacman -S xorg xorg-server
  • Notification system: dunst
  • Nice looking disk encryption password prompt: plymouth