Installing Arch GNU/Linux with full disk encryption and KDE

2018-10-14

When I decided switch back from window 10 to Arch on my Laptop (WSL wasnt enough), I wanted to keep my full disk encryption, and I wanted to keep enjoying a responsive Windows Manager.

Historically KDE has been a very heavy windows manager, but with the introduction of Plasma 5, things have changed. KDE is now mucho more faster than Gnome 3, and from my personal perspective, much nicer to my eye.

So lets gets to the point and list a quick setup receipt to have a fully functional encrypted Arch installation with KDE.

Requirements:

Download and USB Creation

Download the lates Arch ISO from: https://www.archlinux.org/download/. If you are creating the USB from Linux:

Check with fdisk what is your USB drive.

sudo fdisk -l

Then just use “dd” to transfer the image to the USB.

dd if=archlinux-2018.07.01-x86_64.iso  of=/dev/sdb bs=4M

If you are creating the USB from windows:

Download Rufus (https://rufus.akeo.ie/)

Booting and prepare the disk for Arch

Plug your USB, boot up your system and select on the BIOS to boot from the just created USB drive. You should see the boot welcome screen:

1

Select “Boot Arch Linux (x86_64)”. This option will boot Arch and give you a terminal prompt as root.

As we are going to make a full disk encryption including the /boot partition using LVM and LUKS, we need to create the partitions:

First we create a primary partitions that will include the whole disk, in this case /dev/sda (again, you should check what is the name of your disk with fdisk -l)

parted -s /dev/sda mklabel msdos
parted -s /dev/sda mkpart primary 2048s 100%

We setup LUKS on the partition.

cryptsetup luksFormat /dev/sda1
cryptsetup luksOpen /dev/sda1 lvm

And then we create the LVM volume.

pvcreate /dev/mapper/lvm
vgcreate vg /dev/mapper/lvm

We setup 3 LVM partitions, 4G for SWAP. This is at your choice, you could also create other partitions for /home, /boot, etc.

lvcreate -L 4G vg -n swap
lvcreate -l +100%FREE vg -n root

Finally, we create the new partitions and we mount them.

mkswap -L swap /dev/mapper/vg-swap
mkfs.ext4 /dev/mapper/vg-root
swapon /dev/mapper/vg-swap
mount /dev/mapper/vg-root /mnt
mkdir /mnt/home

Connecting to the Internet

We will need access to the internet to download the base packages, and the rest of the operating system. If you are connected through Ethernet cable, and your network provides DHCP, you should already be able to access the internet. You can test this doing a simple ping to Google DNS.

ping 8.8.8.8

If you get a reply, then you are set to go.

If you on the contrary, wants to connect to a WIFI network, you will need to setup the connection from the terminal prompt.

To check if your WIFI card was detected correctly run the following command:

iwconfig

Then bring your WIFI interface up. (Change “interface” for the name of your WIFI card in the previous command)

ip link set interface up

Now try to scan your place for your wifi network:

iwlist interface scan | grep yournetwork
ip link set interface down

If everything went ok you should have seen your WIFI network there. Now you are ready to setup that network.

wifi-menu

Select your network:

2

And type your password

3

Now you should be able to access to the internet.

Installing the system

We will install the arch base package that have all the essentials utilities like text editors, libraries, and USB utilities.

pacstrap /mnt/ base base-deve1

Generate the fstab

genfstab -U /mnt >> /mnt/etc/fstab

Now we do a chroot to the mounted folder in order to configure our system.

arch-chroot /mnt /bin/bash

We set the Timezone (Choose the one that correspond to your location).

ln -sf /usr/share/zoneinfo/Europe/Dublin /etc/localtime

Then set your hardware clock to UTC.

hwclock --systohc --utc

After the timezone, we need to setup the locales of the system. For this execute:

nano /etc/locale.gen

Choose the locale that most suits you. In my case: en_GB.UTF-8 UTF-8. and then execute:

locale-gen

Set the hostname of your system

echo yourhostname > /etc/hostname

Add your new hostname to /etc/hosts

echo "127.0.0.1 yourhostname" >> /etc/hosts

Now set the root passwd and create a new user for you:

passwd root
useradd -m -G wheel,users -s /bin/bash yourusername

Installing the boot loader

In order to boot to your new Linux System, you must install a boot loader. In this case we will install GRUB, and we will modify the configuration so it can ask for the disk decryption password before trying to boot, remember that /boot will be encrypted.

Lets install GRUB first.

pacman -S grub

If you try to install GRUB on the /dev/sda disk now, it will complaint about /boot being encrypted so we uncomment the following on /etc/default/grub

GRUB_ENABLE_CRYPTODISK=y

We need to also tell the kernel to load the LVM and Crypt parameters, so we modify the following line on /etc/default/grub

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm"

Now we are ready to install GRUB on the disk.

grub-install /dev/sda

Add the following 2 parameters to the kernel in /etc/mkinitcpio.conf on the section called “hooks”:

lvm2 encrypt

4

And then run:

mkinitcpio -p linux

Installing KDE

At this point you could already reboot and have a functional Arch Linux System, but it wont have any graphical interface. So we will install KDE prior to reboot, so we can enjoy it from our first boot. In order to install it you must have Xorg installed first:

First install the Video driver. In my case is an ATI card.

pacman -S  xf86-video-ati

We install xorg:

pacman -S xorg

Now we are ready to install KDE

pacman -S plasma
pacman -S kde-applications

You will be asked to select the package that you want, if you just want them all hit enter. Now it will start downloading all your packages and installing KDE Plasma.

After KDE has been installed, we will need to install a Desktop manager. Arch recommendation is SDDM.

pacman -S sddm

We say systemd to start sddm on the beggining.

systemctl enable sddm

Now you can reboot and enjoy your new Arch GNU/Linux System