For those looking to install Arch Linux, it is my hope that this guide will prove useful. Most of the information here is from https://wiki.archlinux.org/. The advantage of this guide is all the information being available on one opinionated page. This guide assumes that we know how to download an Arch Linux image and boot into it, along with the system booting into UEFI mode. We will be messing with our systems so I strongly recommend to read this guide carefully. With that out of the way let's begin.
Change console keymap
Those using a different keyboard layout may want to change the console keymap. To change to dvorak, run:
Next we will want to connect to the internet. If your device is plugged in via Ethernet cable then you should be good to go. Otherwise, we can connect to a Wi-Fi network using iwctl:
Find out the name of your wireless device:
Scan for networks:
station <device name> scan
List network SSID:
station <device name> get-networks
Connect to network:
station <device-name> connect <SSID>
Leave iwctl by sending a SIGINT signal with
If we get a response then we can stop pinging using
Update system clock
With connectivity taken care of let's enable and start network time synchronisation:
timedatectl set-ntp true
Now we start the process for partitioning the disks. First we will identify disks in
We are looking for a drive we want to install Arch on. The section labeled
Disk model should help us identify what drive we want. In the image above, if we wanted to install on the SanDisk, the location of the
block device would be
Since we are going to encrypt our root directory, let's securely erase the drive. First, create a container called
cryptsetup open --type plain -d /dev/urandom /dev/<block-device> to_be_wiped
Next we will zero out the container:
dd bs=1M if=/dev/zero of=/dev/mapper/to_be_wiped status=progress
Then we close the container:
cryptsetup close to_be_wiped
With the drive erased, we will now use fdisk to partition the disk. fdisk is interactive and we will walk through the process together. First lets manipulate the drive we want to partition:
We can enter
m to see the available commands. The first thing we want to do is create a new partition table. We can do that by entering
We need two partitions: An EFI system partition to boot and a root directory / partition to hold our data. Let's create them now with
We will be prompted to assign a partition number, leave it at the default by hitting enter. Similarly, leave the first sector at the default and hit enter. Our first partition will be 512M so for the last sector enter
Change the partition type with
1 for EFI.
Next we create another partition with
n and leave everything at their default values.
If we enter
p fdisk will print out our partition table and we should see something like this:
Finally, we write the partition table to disk with
We can now format the partitions. First we will format the boot partition, we are looking for the device with the type
EFI System. Partition it to FAT32 and label it
mkfs.fat -F32 -n ESP /dev/<boot-partition>
In order to encrypt our data, we will need to create a Linux Unified Key Setup (LUKS) partition. Look for the device with the type
Linux filesystem. Format and label it
cryptsetup luksFormat --label ARCH_LUKS /dev/<linux-partition>
After setting a password, let's open the LUKS partition and map it to the device name of
cryptroot. If using a SSD, we can disable internal read and write workqueue for increased performance with encryption using
cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent open /dev/<luks-partition> cryptroot. Otherwise:
cryptsetup open /dev/<luks-partition> cryptroot
Our LUKS partition is now mapped to
/dev/mapper/cryptroot. Next we'll finally format
cryptroot to Btrfs and label it
mkfs.btrfs -L ARCH /dev/mapper/cryptroot
List block devices and view filesystem info with
We will first mount our Btrfs filesystem
cryptroot. To improve performance we will disable access time metadata updates. We will also use
ZSTD compression with a level of
1 to prioritise performance:
mount -o noatime,compress=zstd:1 /dev/mapper/cryptroot /mnt
Now that we have mounted
cryptroot we will create subvolumes. Create
btrfs subvolume create /mnt/rootbtrfs subvolume create /mnt/home
We will now mount the subvolumes
home at the appropriate locations instead of the toplevel subvolume. This is done to simplify the creation of snapshots:
mount -o noatime,compress=zstd:1,subvol=root /dev/mapper/cryptroot /mntmount --mkdir -o noatime,compress=zstd:1,subvol=home /dev/mapper/cryptroot /mnt/home
Finally mount the boot partition we previously created:
mount --mkdir /dev/<boot-partition> /mnt/boot
Install essential packages
pacstrap to install some packages so we can start using our system:
pacstrap /mnt base linux linux-firmware btrfs-progs networkmanager vim man-db man-pages
genfstab to create a fstab file:
genfstab -L /mnt >> /mnt/etc/fstab
chroot into our new system:
Congratulations! We are now in our now system.
Set the time zone, we can use tab completion to view possible options:
ln -sf /usr/share/zoneinfo/<region>/<city> /etc/localtime
Set the Hardware Clock:
We will use vim as our text editor to uncomment locales in
/etc/locale.gen, we should at least uncomment
en_US.UTF-8 UTF-8. Afterwards generate locales with:
create locale.conf and set the LANG variable:
If we previously changed the console keymap then make it persist with:
Create the hostname file and set the hostname as you wish, for example arch:
Enable networkmanager so we will have connectivity once we leave the live environment:
systemctl enable NetworkManager
Since we are using encryption, we will need to edit
mkinitcpio, the script used to create the initial ramdisk. Edit the file
/etc/mkinitcpio.conf. Go to the
HOOKS line that isn't commented out and replace
systemd, and add
sd-vconsole (if we changed the keymap) and
sd-encrypt hooks after
keyboard. Then recreate initramfs:
Set the root password:
Next install GRUB bootloader and microcode updates. If using Intel processor, replace
pacman -S grub efibootmgr amd-ucode
We will now install the GRUB EFI application and its modules and name the bootloader
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
Let's edit our kernel parameters file. We previously labeled everything but unfortunately need the
UUID of our
ARCH_LUKS partition. Find the
lsblk -f then edit
All the following parameters need to be appended to
Unlock our device in initramfs by appending
Enable TRIM support, append
Disable and blacklist watchdog module, append
grub-mkconfig -o /boot/grub/grub.cfg
Our work in chroot is done, exit out with
After rebooting and decrypting our drive, we should be greeted with a login screen. The only user we have right now is
root so enter that as our login username and supply the appropriate password.
If we need to connect to Wi-Fi, use
nmcli device wifi listnmcli device wifi connect <SSID> password <PASSWORD>
Arch usespacman as its package manager. Enable color output and parallel downloads by editing
/etc/pacman.conf and uncommenting
Color along with
ParallelDownloads and changing the value from 5 to 10. We can also an arguably nicer progress bar by adding
ILoveCandy right after
The choice of desktop environment if any at all is entirely up to the user. For the purposes of this guide we will be using GNOME.
The packages required for display drivers varies based on hardware. I will link the appropriate wiki pages where we can find the correct packages to install:
An example for AMD would be:
pacman -S sudo pacman-contrib archlinux-contrib reflector mesa vulkan-radeon libva-mesa-driver gnome gnome-tweaks pipewire pipewire-alsa pipewire-pulse pipewire-jack wireplumber firewalld $(pacman -Ssq noto-fonts)
The display driver packages are
mesa vulkan-radeon libva-mesa-driver.
mesa provides 3D acceleration,
vulkan-radeon provides vulkan support, and accelerated video decoding is provided by
Users and groups
Let's create an unprivileged user and add it to the
useradd -m -G wheel <user>passwd <user>
We will use
sudo to allow the user to run privileged commands. Since we have already added our user to the
wheel group, we just need to uncomment
%wheel ALL=(ALL) ALL:
We will use
reflector to keep our mirrors up to date. To choose mirrors based in our country, and sort them by download rate. Edit
/etc/xdg/reflector/reflector.conf, uncomment and update
sort age to
Let's enable some timers and services:
systemctl enable fstrim.timer paccache.timer reflector.timer gdm firewalld bluetooth
reboot and login using our newly created user.
After decrypting our drive and logging in we should now be inside the GNOME desktop environment. If we changed our keymap, then the GNOME login will unfortunately be in qwerty, we will fix that now.
Settings->Keyboard and add in the desired keyboard layout. Next open
terminal and enter (replacing
dvorak with the appropriate text:
localectl set-x11-keymap us dvoraklocalectl set-keymap dvorak
If you are the only user and don't wish to enter a password to login after decrypting our drive, we can go to
unlock and check
Automatic Login. Since we are no longer
root we need to use
sudo to install packages. For tracking unowned files, zsh, firefox, and gvim we will install the following packages:
sudo pacman -S pacutils zsh grml-zsh-config firefox gvim
gvim will conflict with
vim-minimal that we installed earlier. Enter
y to remove
Start and configure
zsh to our default shell:
chsh -s $(which zsh)
vim our default editor and enable wayland for
Firefox by setting some environmental variables:
.config/environment.d/envvars.conf and have the following as the contents:
Source the environmental variables by restarting gdm:
systemctl restart gdm
With that we are finally done! I hope this guide was helpful and we learned some things along the way.
Btrfs has no built-in encryption support, but this may come in the future. Users can encrypt the partition before running mkfs. btrfs . See dm-crypt/Encrypting an entire system#Btrfs subvolumes with swap.How to install ArchLinux with btrfs? ›
- Mount the file systems.
- We need to mount our created partitions into our linux hierarchy. ...
- mount /dev/sda3 /mnt btrfs su cr /mnt/@ btrfs su cr /mnt/@home btrfs su cr /mnt/@root btrfs su cr /mnt/@srv btrfs su cr /mnt/@log btrfs su cr /mnt/@cache btrfs su cr /mnt/@tmp btrfs su li /mnt.
- "Drives" option. Choose the disk for partitioning. ...
- "Disk layout" option. Select the second option which erases and partitions the disk according to the default layout preferred by Arch Linux. ...
- Choose the "Encryption password" option and provide a password to encrypt the disk.
- Step 1: Create a LUKS2 formatted device with the PBKDF2 algorithm. ...
- Step 2: Format and mount the new LUKS2 device. ...
- Note: If you wish to change the passphrase for the boot partition in the future then you'll need to pass the same arguments to cryptsetup as when you created it.
As a single-disk filesystem, Btrfs is stable and performs well, but if users go deeper into its newer features, the ground gets shakier.Should I use btrfs or Ext4? ›
Ext4 is a reliable and stable filesystem that keeps our data safe in most unwanted events like power loss. It has been used for a long time hence testing and bug fixes have improved it a lot. Ext4 transfers file faster than Btrfs hence it is a good choice for users.Is btrfs any good? ›
Good features BUT Complex, wastes time, not KISS, does not play well. I have used BTRFS for the first time since March 2023 on my internal archives directory. Using multiple drives of varying sizes created a luks1 encrypted 'single' data and dup meta volume.How to easily install Arch Linux? ›
- Step 1: Download the Arch Linux ISO.
- Step 2: Create a live USB of Arch Linux.
- Step 3: Boot from the live USB. Not using US keyboard? ...
- Step 4: Partition the disks. ...
- Step 4: Create filesystem. ...
- Step 5: Connect to WiFi.
- Step 6: Select an appropriate mirror.
- Step 7: Install Arch Linux.
Boot the live environment
Note: Arch Linux installation images do not support Secure Boot. You will need to disable Secure Boot to boot the installation medium. If desired, Secure Boot can be set up after completing the installation. Point the current boot device to the one which has the Arch Linux installation medium.
In this article we have explored LUKS, a valid frontend for full disk encryption. It is important to ensure that your LUKS configuration is secure (strong ciphers); if you do not need the explicit features of the first version of LUKS, use LUKS2.
You don't want to risk personal data and potentially access to emails and cloud accounts, if your device is stolen. Encrypting your hard disk will block access to these items. Whether files, partitions, or the full disk is encrypted, the contents will be meaningless to anyone without the encryption key.Should you encrypt the boot partition? ›
It is not suggested to encrypt the boot partition in Red Hat Enterprise Linux.What is the difference between Ext4 and Btrfs encryption? ›
Ext4 supports some features that btrfs does not have, such as online defragmentation, quota management, or journaling. However, ext4 does not support many of the features that btrfs has, such as snapshots, compression, encryption, deduplication, RAID, subvolumes, or checksums.Which file system supports data encryption? ›
EFS is a functionality of New Technology File System (NTFS) and is built into a device via the OS. It facilitates file or directory encryption and decryption with the help of complex cryptographic algorithms.Is Btrfs more reliable than Ext4? ›
Btrfs uses a checksum to ensure that the data doesn't corrupt, on the other hand, Ext4 doesn't ensure data integrity. Btrfs come with compression algorithms present in the filesystem, allowing data to be compressed at the filesystem level right when written to the system.No such built-in compression support is in Ext4.Why should I use Btrfs over Ext4? ›
Features: Btrfs has more advanced features, such as snapshots, data integrity checks, and built-in RAID support. Ext4 focuses on providing a reliable and stable file system with good performance.