In this lesson we install Arch Linux on encrypted btrfs volume step by step.
1. Show all volumes on hard drive:
ls /dev/sd*
2. Delete all volumes on drive /dev/sda
fdisk /dev/sda
Next write letter (d) -> number of volume and then write changes (w)
3. Create some partitions with command cfdisk:
– First partition: 256M, type: EFI System
– Second partition: 512M
– Third partition: full size of disk
Write changes, type yes and exit from cfdisk.
4. Now let’s create file system and encrypt on our partitions:
mkfs.vfat -n "EFI System" /dev/sda1
mkfs.ext4 -L boot /dev/sda2
mkfs.ext4 -L root /dev/sda3
We successfully created three partitions – efi, boot and root.
Now we need to encrypt our root partition:
modprobe dm-crypt modprobe dm-mod
cryptsetup luksFormat -v -s 512 -h sha512 /dev/sda3
Type YES in capital letters and password for encrypted partition.
5. Open our encrypted partition:
cryptsetup open /dev/sda3 archlinux
6. Create btrfs partition on our encrypted partition:
mkfs.btrfs -L root /dev/mapper/archlinux
7. Mount
mount -t btrfs /dev/mapper/archlinux /mnt cd /mnt
8. Create subvolumes for btrfs partition
btrfs subvolume create root btrfs subvolume create home btrfs subvolume create snapshots
Go to / and unmount /mnt
cd / umount -R /mnt
8. Mount
mount -t btrfs -o subvol=root /dev/mapper/archlinux /mnt
Create home and snapshots directories:
mkdir /mnt/home mkdir /mnt/snapshots
Mount home and snapshots directories
mount -t btrfs -o subvol=home /dev/mapper/archlinux /mnt/home mount -t btrfs -o subvol=snapshots /dev/mapper/archlinux /mnt/snapshots
Create boot directories:
mkdir /mnt/boot
mkdir /mnt/boot/efi
Show partitions:
lsblk
Mount boot directories:
mount /dev/sda2 /mnt/boot mount /dev/sda1 /mnt/boot/efi
9. Create swap file:
dd if=/dev/zero of=swap bs=1M count=1024 chmod 0600 swap mkswap swap swapon swap
10. Install Arch Linux to /mnt directory:
pacstrap -i /mnt base base-devel efibootmgr grub linux linux-firmware networkmanager vim mc
11. Generate fstab
genfstab -U /mnt > /mnt/etc/fstab
12 Arch chroot to our new system:
arch-chroot /mnt
13. Change root password:
passwd
14. Uncomment locales in /etc/locale.gen file
vim /etc/locale.gen
Generate locale:
locale-gen echo LANG=en_US > /etc/locale.conf
15. Configure grub boot loader
vim /etc/default/grub
In line GRUB_CMDLINE_LINUX=”” write this text:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:archlinux"
Change file /etc/mkinitcpio.conf: in line HOOKS add encrypt
HOOKS=(... encrypt ...)
mkinitcpio -p linux
Configure grub bootloader:
grub-install --boot-directory=/boot --efi-directory=/boot/efi /dev/sda2 grub-mkconfig -o /boot/grub/grub.cfg grub-mkconfig -o /boot/efi/EFI/arch/grub.cfg