#[SOLVED] Installing arch - specifically disk partitioning + encryption

I don't think you would need to partition Arch in a special way, besides leaving enough unallocated space for Windows

Windows should automatically detect Arch's EFI partition

Yeah, though a swapfile or zram could be an alternative to a swap partition

Yes

But you can use one if you want

I don't believe so, though a swapfile is more flexible and a swap partition may be more reliable

As I understand it, basically a compressed swap that's in your RAM

I'd recommend using cfdisk if you're newer, it's much more straightforward to use

exFAT may be a good option, as the NTFS driver in the Linux kernel is relativity new and there is no userspace utilities for it

There are some unofficial drivers for windows that add support for ext4 and BTRFS, but it's probably better to use something windows officially supports

You should be able to

It may not run as well as a game on NTFS, but it shouldn't be a problem

GPT

I doubt it would matter that much

It wouldn't matter too much, but I believe stuff like fsck requires it, and I don't think it can be included in the initramfs without them

That's only for fat32 and lower, it isn't an issue without exFAT

also I don't even know if performance is worse, I just guessed that

It does have a higher chance of data loss if something happens like a drive disconnecting

Well you'll loose the data on them, but yes

There is also ntfs-3g which is a FUSE-based driver NTFS, it has userspace utilities but I think it's slower then the kernel driver

Yes

How much RAM do you have?

4-8 GB of SWAP should be more then enough

Linux Swap

Do you want your EFI partition to be encrypted?

yeah

Yeah

https://wiki.archlinux.org/title/Data-at-rest_encryption

I'll try to help you with doing it, but it may be good to read this a bit as well

How you do it depends on how secure you want it to be and how you want to unlock it

It appears to be possible for LUKS

I think so

sorry for the long response I had to look at some stuff, I haven't done much with encryption before

it shouldn't be too hard if you're only encrypting the root partition, but that's fine

fair enough

https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system

this seems to have a good amount of information on encryption

@nova brook hows it going

Your esp has to be fat32. Then, for arch root, use ext4 or you can do the BTRFS subvol way

EFI system partition

If you use LUKS with cryptsetup it should be fairly easy to do

Even on cfdisk, you have to make the partitions yourself

Nope. You are the one making it

And don't use NTFS for Arch.

Ext4, BTRFS and XFS exists

NTFS was meant for windoz , not Linux distros

They were talking about a shared drive between windows and arch

And NTFS has issues with permissions and properties

Yeah, a shared NTFS partition will do

You could also use BTRFS, depending of your drive type

.aw BTRFS

Another way to encrypt is luks

.aw luks

i dont think there is a difference

data at rest encryption is an umbrella term i think

https://wiki.archlinux.org/title/Data-at-rest_encryption#System_data_encryption or at least thats what im getting from this wiki page

yes that's what i use

how do you want your partitions set up?

ok first make a 512M efi partition

press n to create a new partition

wait this is a uefi system right?

ok before that you're gonna need to change the partition table

just ctrl c out

ok run fdisk again

and before you make any partitions press g

that's weird, didn't you already make it GPT?

or did you not write in cfdisk?

see how it said it was creating a dos disklabel?

I know, but what happened to the old one?

ah, ok nvm then

alright open fdisk again and press g

Idk. I just shared what ik. I don't use encryption

Also if you own SSD, you may consider extra stuff

.aw SSD

did it say something about creating a gpt partition table?

ok cool now make a 512M efi partition then change it to type 1

Idk if your host runs on sata or NVMe SSD

That's something to consider too

yes

Then you may consider extra things when installing arch

.aw nvme

yep

There's a debate around ext4 vs XFS vs BTRFS , which one is best for NVMe SSD

oh wait press enter first

Also trim

when it says partition number

So you may like to read those articles

i use btrfs but i don't think there's one "best" specifically for nvme ssds

Try to replicate your host setup on the VM btw.

If using vbox, it allows you to use NVMe SSD

ok cool cool now press t

cringe

Idk if VMware allows NVMe, but try to replicate your host setup so you learn

Because a sata SSD will show it up as /dev/sda
While NVMe shows as /dev/nvme0n1

And since you want to practice before doing this on your host, better replicate the conditions of the host

Because if you learn with /dev/sda and things.. when doing it for real. Imagine you don't know where's your NVMe SSD... Better learn beforehand

ok do you know how much swap you want?

ok make an 8G partition and change it to type 19

Not sure but I think it's related to your hardware config

Lol, I have 16 gigs ram and I just need 4 gb swap

yeah you can wait till then

Yes. But it's something you should read and consider when doing arch Installation on NVMe

Yeah but over 8gb ram , swap is optional. Like . You don't need 8gb swap at all. 4gb will be enough

I only use swap because hibernation

.aw swap

.aw hibernation

it's fine

i have 8G ram 8G swap bc i plan to upgrade to 16GB ram eventually

ok

so 8G is fine

yep now how much space do you want to have arch take up

also if you're dualbooting you'd probably find this helpful

.aw dual boot with windows

you're going to overload them with wiki articles lol

Better as he embraces the arch wisdom

yeah

yep but for the actual install you might want to first make the efi partition, install windows, shrink the windows partition, then install arch

Meanwhile me, doing a legacy Install of it

it's explained in the wiki page

also if you want your system to look all fancy when you select linux or windows i'd recommend using refind bootloader

i dualboot and it's what i use

mine looks identical to this but the logos are swapped and its the windows 11 logo

I think Windows may mess up the Linux boot files, but it shouldn't be too difficult to fix anyway

since you're the one installing arch linux, as opposed to windows which has an automatic installer, you can make sure that you don't mess up any of the other os's stuff

it's just more reliable installing windows first

it's what i did when i set up my dualboot

no, imo refind is the best option for all use cases (other than efistub or uki but you can't really do that with a dualboot)

there's no "default", but most people use grub

but...

https://bbs.archlinux.org/viewtopic.php?id=279115

https://www.youtube.com/watch?v=b_KHtK2b5cA

https://www.reddit.com/r/archlinux/comments/x1lcoi/why_hasnt_arch_linux_acknowledged_the_grub_issue/

https://forum.endeavouros.com/t/grub-broke-my-arch-linux-installation-video/31081

https://endeavouros.com/news/full-transparency-on-the-grub-issue/

i think you get the point

alright i mean it's pointless to replicate in a vm, it'll pretty much be the same

systemd-boot is also an option for a bootloader

here's the steps for when you install it on bare metal

1. boot into the arch installation media and create a 512M fat32 efi partition
2. boot into the windows installation media and install windows to the drive
3. once thats all setup you can install arch as normal and use the same efi partition

alright you got a copy of windows installation media?

alright first you gotta format the efi partition

press w to exit fdisk

ok then run mkfs.fat -F32 /dev/sda1

yep

You should install windoz first then arch

Not the other way around

Why? Because windoz will nuke your arch esp

Wiping grub in the process

they're installing windows first

Then it's fine

Even when dual booting with dedicated drives, I still recommend to Install windoz first

You could also make a dual boot with dedicated drives

On the vm

yep theyre just making a 512M esp because 100M is a bit cramped

Just saying. There are multiple configurations that you can use

and extended boot partitions make stuff really complex

Wdym? That sounds like doing a legacy MBR install

yes but even 512M is pretty big

Why? That's overkill

You're just wasting space. ESP max needs 512 Mb

Also you're doing an UEFI install?

it's having the bootloader on 1 esp then having the kernels on an extended esp partition

I wouldn't call it complex

Idk about that. I always just do esp, swap, root and home

Btw, do you wish to have a home partition?

i just do esp, swap, and separate btrfs subvolumes for home, root, and snapshots

Yeah but I'm old school and I use ext4

Til I understand BTRFS. Also I have my home on another drive

Yup. So if your root goes brrr... Your stuff will be untouched

im in middle school how does that make you feel

that sounded a little toxic. didnt mean to sound offensive

i'd say just share a home and root partition

90gb will be enough for your root. The rest for home

I don't really see the point of a separate home

90gb is excessive

Depends of your use case

But root doesn't need too much space. I think 20% of the space will be enough

User preference

i think so but it's up to you

yeah, I don't think it's worth it

Tho I recommend a home partition

but it's up to you

combined partition is easier but you can't keep it between installations

but you can just copy it over

Youre installing windoz first then arch?

then install it on drive 1 unallocated space

it should automatically use the efi partition you made

yep

You can use diskpart to verify which drive is which

Actually windoz should make the partitions itself. You don't need to make an ESP

it makes a 100MiB esp which is too small for dualbooting

Just select the target drive and done

I do something better, dedicated ESP

Each system with it's own esp

they're gonna be installed on the same drive and you can only make 1 esp per drive

So if windoz goes drunk.. it doesn't nukes the other esp

that's not true, you can have more then one ESP per drive

i dualboot with dedicated esp's but that's because windoz and linux are on different drives

Then why I had 2 on my old setup

And it worked

Nor windoz nor arch complaint about

it's not really something you should rely on working though

Anyways. I understand your point. Now let windoz do its thing.

But i recommend using dedicated drives to prevent windoz from nuking grub

Cuz it does likes to fo that.
Windoz after an update and finding that there's a penguin on the drive:
https://media.tenor.com/a4qDuOMfC4IAAAAM/its-mine-lotr.gif

Yeah. But it's annoying to have to reinstall grub time to time cuz window does a little trolling

naw you can have as many esps as you want

it only fucks it up if you have esps across drives

just checked the wiki

mb mb

Yeah. When I used to dual boot single drive , having dedicated ESP fixed windoz from nuking grub

weird it all works fine for me

lune probably intentionally sabotaged it

i just have a typical ext4 with no bullshit and a shared esp

no lvm or encryption, none of that

Nope. It was drunk windoz update doing a little trolling

specifically if you have a working windows installation and then use an esp on a different drive

ok cool now make an 8G swap partition type 19

type really doesnt matter

also it's way way easier to just use swapfile

and no it doesnt affect performance

ik but theres no reason to get it wrong

wdym get it wrong

its just a waste of time and confusing

like just not set it

i mean if you try doing it and you set it to something dumb that might screw your system then that'd be a problem

so you might as well not

and again, swapfiles are easier

i mean it is up to you but i dualboot and if i dont set it up properly windows will mount my esp and maybe even my swap partition

fair

probably file

i'd say partition but you can see how we're both really confident with our choices

why partition though

is it not more of a hassle

use a file if you want more simplicity and might want to resize it later
use partition if you want a negligible speed increase or you want something more tried and tested and approved by linus

as you can see it's still utilized a little bit even when you have free ram, but yes thats pretty much what it does

nope

im not sure exactly how it works

.s whyswap

ignore the videos

Having swap is a reasonably important part of a well functioning system. Without it, sane memory management becomes harder to achieve.

Swap is not generally about getting emergency memory, it's about making memory reclamation egalitarian and efficient. In fact, using it as "emergency memory" is generally actively harmful.

those are the two main points

why though

oh

you know what, fuck it, rogueharmony has a point

just make a partition, it really doesn't matter

you can even switch later

nope gotta shrink the partition first

Probably should do that within Windows

'no enough free sectors available' is nerd speak for 'you need space to put the new partition in'

Also your VM is in UEFI mode, right?

it didnt ruin anything it just means you cant make a new partition

also @glossy notch why not just use cfdisk

i prefer cli

then use sfdisk

im pretty sure we've already had a conversation about this

cause its more intuitive

and its actually faster in practice

but its whatever

i'm honestly not very experienced with resizing partitions, maybe someone else here is

its not really a more 'proper' method; its just the same thing but faster

its whatever

what are you shrinking

just ignore the fact that i use nmtui

your c drive?

lmao i just straight up use wpa_supplicant

im 100% for minimal software and i dont even use systemd but refusing to use cfdisk is going too far

yes, always resize your c drive while in windows

nvme0n1p3 is the c drive i think

you can check with ummmm

it will say in disk management in windows

lsblk -o +fstype,label

ig so

k then

@nova brook boot into windows, log into an admin account, and launch 'create and manage hard disk partitions' from the start menu

do you know what all those disks are

what are they then

whats disk 0 and disk 2

are you installing there

ok

so like

obviously if you wanna make space you gotta take out more than a gb

the only one with more than a gb is the c drive, so you'd resize that

another way to know which drive to resize is to just use the biggest one

so yeah, right click on that box with the c drive

it should have an option to resize

let me think about what to resize to

right so i'd say 20gb for now, maybe 30 for later

you said 50/50 earlier so around half

the entire drive?

30455 would be half of it

that would only leave you with about 9 gb left for windows

so

also is this VM just for testing it out?

ok if its a vm then it doesnt really matter ig

yeah thats fine

now right click on the unallocated

click create

we'll reformat it later, you can just set whatever settings you want

yeah ig that might be better

k then, never mind, just boot into the iso again

@nova brook are you sure you're doing encryption? it sounds like a bit of a waste tbh

like your friend said, its kind of unnecessary

but its fine, you can do whatever

tbh at this point if it works it works

you can figure the rest out

not enough to be noticeable

it doesn't while the system is running, it'll just take longer to boot

yeah

if it's a laptop sure do it, otherwise maybe not

but im on a desktop and i do for some reason

https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition

ah i hate it when someone comes into my house, unscrews my computer case, takes out the gpu, unscrews the drive and runs off with it

yea me too

https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption

who would even bother i just have a bunch of games on the drive and my 1660s isn't even worth stealing

You shouldn't need to do that

i mean you dont have any linux data there so it doesnt matter

yeah

but if you have bitlocker then windows partitions dont matter

I don't think it would be necessary, but you can if you want

you don't really need to bother, unless you got something confidential on there

https://wiki.gentoo.org/wiki/Full_Disk_Encryption_From_Scratch_Simplified might be neat

If there data you really don't want anyone accessing it's probably a good idea, but besides that it isn't really necessary

firmware settings

also when you do get to installing this on bare metal most mobos you can disable drives in the uefi

or at the very least disable the sata controller

Because it takes a while and most people don't need it

it takes a while and it's unnecessary in most cases

dangit

That seems pretty similar to the archwiki one, just with LVM

dont worry about it most people don't need it

oh

k

yeah

you'll use the EFI partition you made earlier

in fdisk you'll want to make a partition that takes up the rest of the free space on the drive

neat

Once you make the partition run cryptsetup -y -v luksFormat [PARTITION] to setup the encryption

wait holdup 1 second

most people dont need aes 256 but for extra peace of mind you might want it

if you do run cryptsetup -y -v -s 512 luksFormat partition

swap too prolly

You can't use hibernation

wait what does -v do?

Your swap partition isn't big enough for it anyway

one sec

also it's not necessary to put -y, it's run automatically

yeah you can just follow this https://wiki.archlinux.org/title/Dm-crypt/Swap_encryption#With_suspend-to-disk_support

but ig it doesnt matter

cause of what me derp said

but you're gonna be dualbooting so probably without suspend to disk support because it's simpler

hm, it's not in the man file

weird

it might just be verbose

sounds about right

wait

nvm you're good

i thought the -s 512 might go after luksFormat but i'm wrong

To unlock the drive, run cryptsetup open /dev/nvme0n1p4 root

you can replace root with what you want to name the partition temporarily, though it doesn't really matter

yep

now you should probably set up swap encryption

oh yeah that

cryptsetup open --type plain --key-file /dev/urandom /dev/[swap partition] swap

run that to open encrypted swap

that's assuming you don't need hibernation, which you probably don't since you'll be dualbooting

it's mapping the swap to /dev/mapper/swap with a random password so that when you turn off the system the swap will be a jumbled mess with no password

fdisk /dev/nvme0n1

then press d and select partition 4

unmount it with umount /mnt first

Once you mount the EFI partition follow the installation as normal until you get to installing the bootloader and mkinitcpio configuration

mkswap /dev/mapper/swap

And that

then swapon /dev/mapper/swap

You remounted your root, right?

After making the swap partition did you remount your root partition?

ok, yes continue with the guide

follow the guide until after you generate the fstab, then say here

yes

yes

ok cool you can run the genfstab command then post the output of cat /etc/fstab

They shouldn't need to edit the fstab

ok everything looks good there

but there's some more configuration you now need to do for the encrypted swap

first chroot in with arch-chroot /mnt

then open up /etc/crypttab in a text editor

post a screenshot

uncomment the swap line

and change the device to your swap partition

BUT

the block device can change on boot

so you should probably list uuid there

you shouldn't use block device in /etc/crypttab because block devices can change

and if it does it will destroy all the data on that drive

run blkid /dev/[swap partition]

perfect, just change the change the options bit to swap,cipher=aes-xts-plain64,size=256

because cbc-essiv is compromised

you're changing the cipher the swap partition encrypts with to something stronger

i have no idea why it's not the default yet

thats it

you can follow the installation guide as normal until you get to the initramfs

tell me when you get there

ok run nano /etc/mkinitcpio.conf

find the hooks line and change it to HOOKS=(base systemd autodetect modconf keyboard sd-vconsole block sd-encrypt filesystems fsck)

there are a lot of examples so make sure you edit the right one

Why did you remove KMS?

i was going off my own fstab, but most people dont really need kms

It's the default on Arch now

Do what they said but add kms after modconf

mkinitcpio is a tool that makes the initramfs, which is basically a basic compressed Linux system that is used to mount the root partition and provide a recovery shell

You need to install a bootloader now

oh yeah, do those

grub can be made to look just like refind

Yeah

Install the grub, efibootmgr, and os-prober with pacman

(pacman -S [packages])

.aw install

efibootmgr is needed for installing GRUB for UEFI, os-prober is needed for detecting Windows

grub-install --efi-directory=[mountpoint of your esp]

your esp is that fat32 partition you're using for linux and mountpoint means where you mounted it to

no brackets in the real command

archwiki says a longer command which also works but is a mouthful

btw you do it in chroot

You mounted it at /boot

/boot, because you're in chroot

Now you'll need to edit the kernel parameters for encryption

Edit /etc/default/grub and go to GRUB_CMDLINE_LINUX_DEFAULT

And add rd.luks.name=[ROOT UUID]=root root=/dev/mapper/root to it

The normal one

yeah that looks good

also, uncomment the line at the end of the file about os-prober

then save the file and run grub-mkconfig -o /boot/grub/grub.conf to generate the GRUB config

It might detect something someone doesn't want it to, idk

It doesn't look like it detected Windows, hm

You can fix it later

Did you install any network software?

Ok, there's a couple options, but I'd recommend Network Manager

other options like iwd exist though

So install the networkmanager package, run systemctl enable NetworkManager to enable it's service on boot

now you can exit out of chroot and reboot

strange

you made the GRUB config, so that shouldn't appear

yeah that's fine

sleep is important

Me Derp received a thank you cookie!

glad i could help

... close

#11251 📣 if you don't need help with this anymore, add [SOLVED] to the start of the post's title (for example, the title could say [SOLVED] pacman not working)
if you're on a laptop or desktop computer, see the note on archiving by sending a message that says ... archive.

Sure

It's just something wrong with GRUB though

https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Configuring_the_boot_loader

It tells the system which encrypted partition to use as root and what to name it

The root partition's UUID

Typically that happens when you didn't generate a GRUB config, but you did

You might have put it in the wrong spot but it doesn't seem like that

Are you selecting the right entry in your boot order?

Because everything else looks fine

Can you mount all your partitions in the archiso and show the contents of /mnt/boot/ or (or /boot from chroot`)

Mount your partitions, chroot in, and run ls /boot

Also mount your EFI partition

you can do it from within chroot or out of chroot

You don't need to do mkdir, the directory already exists, but it's fine

looks normal

I don't think this is an encryption issue

oh

yeah that would cause it lol

You try installing ntfs-3g, it shouldn't be needed but I've seen it help people

regenerate the grub config, you can do it from the installed system

If you can boot from Windows normally, no

👍

now to actually do it lol

Me Derp received a thank you cookie!

GRUB will autodetect it

if you need any help with setting anything up, or need anything like app recommendations, feel free to ping me

weird

Did you do anything before this started happening? Or did it just happen?

It could be because of the 512 key size Rogue had you do

Though I don't know if that could cause it

hey, sorry for the late response. we're probably in different timezones. for the slow bootup, check the /etc/crypttab for typos. the cipher bit should say exactly swap,offset=2048,cipher=aes-xts-plain64,size=512if there aren't any then it might be the key size. try changing it to 256.

[SOLVED] Installing arch - specifically disk partitioning + encryption