Arch with luks and LVM on a Chromebook

Disk setup Check your drives:

fdisk -l

We’ll be installing Arch on the SSD /dev/mmcblk1 by creating two 500 MB partitions (for EFI and /boot), and another ext4 partition for the logical volume.

fdisk /dev/mmcblk1

let's start with listing the partitions

:  p

let's create a new 500 MB partition for EFI

:  n, enter, enter, +500M

and let's set the type to EFI

:  t, 1

then create the /boot partition

:  n, enter, enter, +500M

set its type to 'Linux Filesystem'

:  t, 20

finally, create the LVM partition

:  n, enter, enter, enter

set the type to 'Linux LVM'

:  t, 30

check everything is fine

:  p

write changes and exit

:  w

Our partitions are ready and we can start creating the LVM and files systems. At this point we have three partitions:

/dev/mmcblk1p1 for EFI. We’ll format it with FAT. /dev/mmcblk1p2 for /boot. We’ll format it with EXT4. /dev/mmcblk1p3 for LVM. We’ll set up LUKS in this disk. So, let’s create the file systems:

mkfs.fat -F32 /dev/mmcblk1p1
mkfs.ext4 /dev/mmcblk1p2

LUKS encryption on LVM partition Now we need to set up encryption in the third disk.

cryptsetup luksFormat /dev/mmcblk1p3

After that, you will need to type YES in capital letters and then enter your passphrase. Do not forget it ;) Next, we need to open the encrypted device.

cryptsetup open --type luks /dev/mmcblk1p3 myvolume

You can give it any name (myvolume in my case), but remember it. Enter your passphrase.

Next, we need to configure LVM and create two partitions for the system and home. Let’s first create the physical volume.

pvcreate --dataalignment 1m /dev/mapper/myvolume

Switch myvolume with whatever name you chose. Now, on to the volume group creation. I called my volume group volumegroup.

vgcreate volumegroup /dev/mapper/myvolume

And finally, we are ready to create the logical volumes.

create the system partition -

lvcreate -l 100%FREE volumegroup -n root

And now, let’s create the file systems.

mkfs.ext4 /dev/volumegroup/root

And mount it, along with the /boot partition.

mount /dev/volumegroup/root /mnt
mkdir /mnt/home
mkdir /mnt/boot
mount /dev/mmcblk1p2 /mnt/boot
mkdir /mnt/etc

Starting actual Arch installation Now our disk and partitions are set up an mounted, so let’s generate the fstab file.

genfstab -U /mnt >> /mnt/etc/fstab

Now we are ready to actually starting the regular installation of Arch. First use pacstrap to install the base package, the linux kernel and firmware. Then, chroot into the newly installed system.

pacstrap -i /mnt base linux linux-firmware

switch to the installation disk

arch-chroot /mnt

We are now already operating from our installed system. We need to install some additionaly goodies. I’ve listed here some essentials. Particularly, you need the lvm2 package.

pacman -S linux-headers intel-ucode base-devel nano networkmanager wpa_supplicant sudo  netctl dialog lvm2
systemctl enable NetworkManager

Edit your hostname.

/etc/hostname # contains a single line with the host name.

c300

And create the etc/hosts file with the following contents.

/etc/hosts

127.0.0.1   localhost
::1         localhost
127.0.1.1   c300.lan    c300

Remember to modify substitute c300 with your host name.

This step is important. We need to enable encryption in the hooks of mkinitcpio.conf. To do so, edit the line which starts with HOOKS= in /etc/mkinitcpio.conf and add encrypt and lvm2. It should look like this:

/etc/mkinitcpio.conf

[...]
HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)
[...]

And then run mkinitcpio.

mkinitcpio -p linux

Now, uncomment your locale (remove the leading #) and generate it.

/etc/locale.gen

[...]
en_GB.UTF-8
[...]
locale-gen

User management Now, we set up the root password and create a user with superuser permissions. To do so, we add it to the wheel group, which we will add as superusers.

change root password

passwd

add user 'username'

useradd -m -g users -G wheel username

change 'username' password

passwd username

Now, make users in the wheel group superusers by uncommenting the %wheel line

EDITOR=nano visudo

visudo

[...]
%wheel ALL=(ALL) ALL
[...]

Bootloader configuration First install GRUB2 and some utilities

pacman -S grub efibootmgr dosfstools mtools

And edit /etc/default/grub and edit it so that the following lines are present.

/etc/default/grub

[...]
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 cryptdevice=/dev/mmcblk1p3:volumegroup:allow-discards quiet"
[...]
GRUB_ENABLE_CRYPTODISK=y
[...]

Make sure that the name of the volume group is correct, as well as the partition it is located. Mount the first partition we created as the EFI partition.

mkdir /boot/EFI
mount /dev/mmcblk1p1 /boot/EFI

And finally, install grub.

grub-install --target=x86_64-efi --bootloader-id=grub_uefi --force --no-nvram --removable

Set up grub locale and generate the grub configuration file.

mkdir /boot/grub/locale
cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
grub-mkconfig -o /boot/grub/grub.cfg

Swap file creation This is optional, but I usually like to use a swap file. To create and activate a swap file of 8 GB, run the following. Use, of course, whatever size suits your system.

dd if=/dev/zero of=/myswap bs=1M count=8192 status=progress
chmod 600 /myswap
mkswap /myswap
echo '/myswap none swap defaults 0 0' | tee -a /etc/fstab

The bulk of this was inspired by this, I have changed it to work with my disks and modified to work with a chromebook. I also wanted a copy in case it got deleted!