Basic Arch Linux Installation on a VM (With or Without Full Disk Encryption)
Does “do-it-yourself” have to be so hard?
Introduction
The process of installing Arch Linux is quite different compared to other OS’s. In fact, installing a standard Linux ISO is more similar to installing Windows 10 than it is to installing Arch Linux. And, if you have been around the computer-savvy side of the internet, you know of Arch’s notorious installation difficulty.
Why install Arch if it is so difficult? First, the difficulty itself stems from Arch letting you make almost all the decisions. You can choose between Linux kernels, packages to install, partitioning schemes, and many other aspects. This makes Arch a very personal OS to install.
Second, learning all the skills associated with installation can greatly expand your current Linux administration skills. Working with block devices, using the command line, editing boot parameters, and running full disk encryption are a few examples of the skills you get to learn.
Sometimes, going it alone is THE way to go.
However, here is a suggestion. Start here at the Arch Linux installation guide. The official installation guide is a wonderfully technical set of instructions that goes into far more detail than I do and has excellent suggestions at every stage. Going into Arch blind with nothing but the Arch wiki and Google will teach you far more about Linux administration than my guide will or can. Your troubleshooting prowess can skyrocket by doing this thing on your own.
TLDR: Because learning how to install Arch Linux on your own is such a great opportunity to learn new skills, I highly advise you to use this article ONLY IF you feel the official guide was unclear on a particular step.
Quick Overview
- Step 1: Creating a VM and booting to Arch live environment
- Step 2: Setting up partitions
- Step 3: Installing OS and packages
- Step 4: Setting up OS for boot
Step 1: Creating a VM and booting to Arch live environment
- Download an Arch Linux iso from: https://archlinux.org/download/
- Use any hypervisor you wish to create a VM with at least 10GB of disk space and 1024 MB of memory. Use EFI firmware, not BIOS.
- Select the downloaded ISO to boot to initially before powering on the VM. You should see the following output by the VM.
- Select the first option. You should see the live system ready to go.
- To make sure that we are booted in EFI mode, run the following to see if the directory and files exist. If they don’t, you have not booted in EFI mode.
ls /sys/firmware/efi/efivars
- Make sure the clock is accurate.
timedatectl set-ntp true
Step 2: Setting up partitions
There are many ways you may want to set up your storage partitions and this guide will contain two schemes. Both schemes involve three partitions: the EFI/boot partition, the memory swap partition, and the root filesystem partition.
The ONLY difference between the two schemes is that the second scheme will go over full disk encryption for the root partition. This will force you to type a password on boot.
Scheme 1: No encryption
- Type the following to access parted, the program we will use to create our partitions.
parted /dev/sda
TIP: If it appears the “/dev/sda” block device doesn’t exist, it may be that the disk bus type for your virtual disk is incorrect. Make sure it is SATA instead of something like VirtIO.
- Once in the parted application, run the following steps in succession. This will create a GPT partition table for the device, create the EFI partition and mark it with the the boot flag, create the swap partition, and use the rest of the space for the root partition.
mklabel gpt
mkpart "efi partition" fat32 1MiB 300MiB
set 1 esp on
mkpart "swap partition" linux-swap 300MiB 3000MiB
mkpart "root partition" ext4 3000MiB 100%
quit
TIP: It is recommended that the swap partition should have around twice the amount of storage as allocated memory. In this case, we assigned ~2700MB when we installed 1024MB of memory. More or less can be added and the swap partition can be eliminated altogether.
TIP: If you mess up any of the steps, type “print free” to see the partitions you made. They will be listed with numbers to the side. Delete them all with rm {partition number} and start over from “mklabel gpt”.
- Once out of the parted program, format the boot partition and set up the swap partition.
mkfs.fat /dev/sda1 -F 32
mkswap /dev/sda2
swapon /dev/sda2
WARNING: DO NOT RUN this step if you are doing full disk encryption.
- Format the root partition, mount it, and also mount the boot partition in the “/mnt/boot” so it can be changed during the OS boot prep stage.
mkfs.ext4 /dev/sda3
mount /dev/sda3 /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
Scheme 2: LUKS encryption
- Run the steps for Scheme 1, but stop before you format the root partition.
- Encrypt the root partition with a password.
cryptsetup -y -v luksFormat /dev/sda3
- Now, decrypt the partition, format it, and mount it, and mount the boot partition in the “/mnt/boot” directory.
cryptsetup open /dev/sda3 cryptroot
mkfs.ext4 /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
Step 3: Installing OS and packages
IMPORTANT: No matter which of the storage schemes you went for, the following steps will be the same.
- Use the “pacstrap” command to install the OS and some useful packages. The first version of this command will be minimal and the others will introduce some quality of life additions.
pacstrap /mnt base linux linux-firmware intel-ucode amd-ucode grub efibootmgr
# Pick which *ucode package you need based on your CPU or just install both.pacstrap /mnt man-db man-pages texinfo
# These packages give you access to offline program documentation.pacstrap /mnt net-tools iproute2 dhcp dhcpcd
# These packages are networking tools.pacstrap /mnt xorg xorg-server xfce4 xfce4-goodies lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings accountsservice
# These packages install the XFCE4 GUI, should you want it.pacstrap /mnt vi vim nano gedit
# These packages are text editor programs. The GUI section will need to be installed for gedit to work.pacstrap /mnt pulseaudio pulseaudio-alsa pulseaudio-bluetooth
# These packages are for enabling audio to play. They play nice with the GUI.pacstrap /mnt base linux linux-firmware intel-ucode amd-ucode grub efibootmgr man-db man-pages texinfo vi vim nano gedit net-tools iproute2 dhcp dhcpcd xorg xorg-server xfce4 xfce4-goodies lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings accountsservice pulseaudio pulseaudio-alsa pulseaudio-bluetooth
# Full installation command
TIP: Learn how to know the right *ucode package to install here: https://linuxize.com/post/get-cpu-information-on-linux/. The Arch wiki has some information about microcode here: https://wiki.archlinux.org/index.php/Microcode.
- Once this command is finished (will take a while), generate the fstab file for the OS.
genfstab -U /mnt >> /mnt/etc/fstab
Step 4: Setting up OS for boot
IMPORTANT: Run the first set of steps ONLY if you are using full disk encryption. If you are running a unencrypted installation, skip to the Steps for encrypted and non-encrypted installations heading.
Extra steps for full disk encryption
- Chroot into the root partition to begin making changes.
arch-chroot /mnt
- Open the “/etc/mkinitcpio.conf” file for editing.
nano /etc/mkinitcpio.conf
- Edit the “HOOKS” line in the /etc/mkinitcpio.conf file.
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)
- Save and exit.
- Get the UUID for the crypto_LUKS partition by using the “blkid” command. Save this for a later step.
blkid
- Open the “/etc/default/grub” file for editing.
nano /etc/default/grub
- Change the kernel parameters line near the top of the file to the following and replace {UUID} with the UUID you saved from the previous steps.
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID={UUID}:cryptroot root=/dev/mapper/cryptroot"
- Save and exit.
Steps for encrypted and non-encrypted installations
- Make sure you are chrooted into the root partition.
arch-chroot /mnt
- Generate and set the locale information.
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
# Change "America/New_York" as needed for the correct timezonelocale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
- Open the “/etc/locale.gen” file for editing.
nano /etc/locale.gen
- Uncomment any lines with locales you need. One example might be “en_US.UTF-8”.
- Save and exit.
- Open the “/etc/hostname” file for editing.
nano /etc/hostname
- Insert any valid network hostname for the OS you want then save and exit.
- Open the “/etc/hosts” file for editing.
nano /etc/hosts
- Add the following lines replacing in your hostname as appropriate:
127.0.0.1 localhost
::1 localhost
127.0.0.1 {chosen_hostname}.localdomain {chosen_hostname}
- Save and exit.
- Create a new initramfs.
mkinitcpio -P
- Enter the following and follow prompts to create a root password.
passwd
- Install the GRUB bootloader on the EFI partition. The following is all on one line.
grub-install --target=x86_64-efi --efi-directory=boot --bootloader-id=GRUB
- Set a couple of variables and then create the config file for GRUB to use.
CONFIG_BLK_DEV_INITRD=Y;
CONFIG_MICROCODE=y;
CONFIG_MICROCODE_INTEL=Y;
CONFIG_MICROCODE_AMD=y;grub-mkconfig -o /boot/grub/grub.cfg
TIP: Learn more about installing GRUB here on the Arch wiki: https://wiki.archlinux.org/index.php/GRUB#Installation_2.
- If you decided to install the XFCE4 GUI, run the following to have it on by default for all users.
systemctl enable lightdm
echo "exec startxfce4" > /etc/skel/.xinitrc
TIP: Learn more about installing a GUI on Arch here: https://ostechnix.com/how-to-install-gnome-desktop-environment-in-arch-linux/. The Arch wiki has some extra information here: https://wiki.archlinux.org/index.php/GNOME#Installation.
- Create a normal user for testing.
useradd -m -d /home/sandy -s /bin/bash testuser
passwd testuser
- Enable DHCP networking to start by default.
systemctl enable dhcpcd
TIP: Learn about IP routing without DHCP here: https://ostechnix.com/how-to-install-gnome-desktop-environment-in-arch-linux/. The Arch wiki has some extra information here: https://wiki.archlinux.org/index.php/Network_configuration#net-tools.
- Exit the chroot environment, umount all mounted partitions, and reboot.
exit
umount -R /mnt
reboot
- You should see the GRUB menu on startup.
- Select the first option.
- You may instead see the decryption password prompt. Enter the decryption password you set before and press ENTER to continue booting.
- You should see the greeter and should be able to log in.