11 votes

For any newer Linux users looking to install Arch, I wrote a quick guide for an encrypted install on UEFI

Guide can be found here

Right now, the guide assumes you aren't dual booting. This is because I've never really dual booted off a single HDD, so while I probably could include it in the guide, I don't feel comfortable without first testing the process.

This guide also sets you up with BTRFS, but you can still use ext4; it just requires changing two lines.

6 comments

  1. [3]
    toaster
    Hey this is great! Really cut, dry, and to the point, which is super helpful. I've never done an encrypted install, and have only dual-booted off a single HDD. Out of curiosity, why do you encrypt the swap space?

    3 votes
    1. [2]
      Luca
      Out of curiosity, why do you encrypt the swap space?

      For example, applications can deal with passwords or tokens. It's fine as long as these stay in memory, but if the system starts swapping, they'll be written unencrypted to the disk.

      4 votes
      1. toaster
        Ah that makes total sense. Thanks! I'll keep that in mind for my next build.
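
Added example (not part of the thread or the linked guide): a shell check, for the layout discussed here with swap as a volume inside one encrypted block, that every active swap device listed in /proc/swaps sits on a dm-crypt mapping. It assumes /proc/swaps lists device-mapper volumes by kernel name (/dev/dm-N); the function names, the SYSFS and SWAPS overrides and the `run` argument are this example's own.

```shell
#!/bin/sh
# Added example. SYSFS and SWAPS are overridable so the check can be run
# against a constructed tree instead of the live system.
SYSFS="${SYSFS:-/sys}"
SWAPS="${SWAPS:-/proc/swaps}"

# Succeeds if block device $1 (kernel name, e.g. dm-1) is a dm-crypt mapping
# or every device underneath it is stacked on one. cryptsetup mappings carry
# a device-mapper UUID that starts with "CRYPT-".
is_on_crypt() {
    node="$SYSFS/class/block/$1"
    if [ -r "$node/dm/uuid" ]; then
        case "$(cat "$node/dm/uuid")" in
            CRYPT-*) return 0 ;;
        esac
    fi
    seen=0
    for slave in "$node"/slaves/*; do
        [ -e "$slave" ] || continue
        seen=1
        # Subshell: the recursive call must not clobber this call's variables.
        ( is_on_crypt "${slave##*/}" ) || return 1
    done
    [ "$seen" -eq 1 ]   # no dm-crypt layer and nothing below: plaintext
}

# Prints one verdict per active swap area; returns 1 unless all are encrypted.
audit_swaps() {
    rc=0
    while read -r name kind rest; do
        [ "$name" = "Filename" ] && continue   # header line
        if [ "$kind" != "partition" ]; then
            echo "$name UNVERIFIED (swap file: check the device under its filesystem)"
            rc=1
        elif is_on_crypt "${name##*/}"; then
            echo "$name encrypted"
        else
            echo "$name PLAINTEXT"
            rc=1
        fi
    done < "$SWAPS"
    return "$rc"
}

# "run" is this example's own argument: audit the live system.
if [ "${1:-}" = "run" ]; then audit_swaps; fi
```
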

  2. [2]
    Comment deleted by author
    1. Luca
      I guess it's just personal taste, but why use btrfs and lvm? You could just create an encrypted swap partition alongside /boot & /boot/efi then dedicate the rest of the disk to btrfs.

      Just personal preference, like you said. I like having everything inside a single encrypted block, and subdividing within it. Plus, for the purpose of a guide like this, I find it easier to set up.

      I've never seen a separate /boot and /boot/efi either. Is there a benefit to this? I just mount my efi partition at /boot and it works fine.

      Usually it's fine to do that, but it doesn't work across all distros. Debian, for example, doesn't allow the boot partition to be FAT. Also, since FAT doesn't support symlinks, some advanced configurations wouldn't be available if your kernel is on there. So it's just something I consider good practice.

      2 votes
  3. [2]
    havoc
    The obvious question: why write a new one instead of, if necessary, improving the one on the wiki?
    After all, when people ask for more support on Arch forums or IRC, everyone will ask whether you've followed the main guide.

    1 vote
    1. Luca
      The Arch wiki is fantastic documentation, and is part of the reason I still sometimes use Arch (I'm a chronic distro hopper, so I'm on something new every month).

      The wiki doesn't really cater to the same audience as this guide. This one is brief and to the point, and will set you up with a working Arch install ASAP. The wiki has a lot more explanation, options, and plenty of ways for newer users to get lost.

      This honestly started as just a reference I could refer to myself, before I decided to properly write it for others.

      I will reference the wiki, though, to make sure people read it as well.

      2 votes