Arch Linux Installation

Warning: This is my personal guide for installing an Arch Linux system. Use it only as a guide as you follow along with the official Installation Guide.

This is a guide for installing an encrypted system with just the basics. It uses UEFI to boot kernel directly via EFISTUB. It does not apply to BIOS systems or systems that dual-boot.

You may need additional packages for video drivers, etc.

1. Preparation

Download the Arch ISO.

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-dual.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive. Now boot from the USB drive.

2. Pre-installation

2.1 Set keyboard layout

If using a keymap other than US, set the keyboard layout by doing:

# loadkeys keymap

2.2 Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip link

Then connect to a wifi network with:

# wpa_supplicant -B -i interface -C/run/wpa_supplicant
# wpa_cli -i interface
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> quit

Get an ip address:

# dhcpcd

For both wired and wireless connections, check your connection with:

# ping

2.3 Update system clock

# timedatectl set-ntp true

2.4 Partition the disk

# gdisk /dev/sda

Create a GUID partition table. Then create an EFI system partition (ESP) of size 550MiB and marked as partition type EF00. Create at least one more partition for the system partition.

Note: This guide assumes your disk is at /dev/sda. Change if needed.

2.5 Create filesystems and mount

Format your ESP as FAT32:

# mkfs.fat -F32 /dev/sda1

Replace ext4 with the file system you are using in all of the following. For example, to use BTRFS replace it with btrfs.

To create an encrypted system do:

# cryptsetup lukFormat /dev/sda2
# cryptsetup open /dev/sda2 cryptroot
# mkfs.ext4 /dev/mapper/cryptroot
# mount /dev/mapper/cryptroot /mnt
# mount /dev/sda1 /mnt/boot

To create a regular (not encrypted) system, instead do:

# mkfs.ext4 /dev/sda2
# mount /dev/sda2 /mnt
# mount /dev/sda1 /mnt/boot
Tip: If using btrfs, create any subvolumes you wish to use as mount points now. Then unmount /mnt and remount your subvolumes to the appropriate mount points. For example:
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# umount /mnt/boot
# umount /mnt
# mount -o compress=zstd,subvol=@ /mnt
# mount -o compress=zstd,subvol=@home /mnt/home
# mount /dev/sda1 /mnt/boot

3. Installation

# pacstrap /mnt base sudo iwd
$ comm -23 <(wget -q -O - \ 
<(pacman -Qqg base | sort)

Note: If using btrfs, btrfs-progs should be appended, since it is not in the base group.

4. Configuration

4.1 Create fstab

# genfstab -U /mnt > /mnt/etc/fstab

4.2 Chroot

# arch-chroot /mnt

4.3 Locale

Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8). Then run:

# locale-gen

Set LANG in /etc/locale.conf as follows::


If not using a US keymap, make they keyboard layout permanent in /etc/vconsole.conf as follows:


4.4 Set the timezone

# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

4.5 Set hardware clock from system clock

# hwclock --systohc

4.6 Set hostname

Set your hostname in /etc/hostname:


Then set it in /etc/hosts:	localhost
::1		localhost	hostname.localdomain	hostname

4.7 Set root password

# passwd

4.8 Add normal user

# useradd -m -G wheel user
# passwd user

Open the sudoers file and uncomment the wheel group:

# visudo

4.9 Generate intramfs

Add the keyboard, keymap, and encrypt hooks in /etc/mkinitcpio.conf as follows. You will need to make sure you have any additional needed hooks for your setup.

HOOKS=(base udev autodetect modconf keyboard keymap block encrypt filesystems)

Omit keymap if you are using the default US keymap and omit encrypt if you are not encrypting your disk.

Regenerate the initramfs:

# mkinitcpio -p linux

4.10 Swap file

If using BTRFS first do:

# btrfs subvolume create /.swap
# truncate -s 0 /.swap/swapfile

Otherwise do:

mkdir /.swap

Then, in all cases do:

# fallocate -l 2G /.swap/swapfile
# chmod 600 /.swap/swapfile
# mkswap /.swap/swapfile
# swapon /.swap/swapfile

Update /etc/fstab with an additional line for the swap file:

/.swap/swapfile none swap defaults 0 0

5. Exit chroot and reboot

# exit
# reboot

6. Configure UEFI

In this setup we are not using a boot loader bt are booting the kernel directly.

From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:

Shell> map

Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1.

Now create two UEFI entries:

Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"

Create a file with your boot parameters for the normal boot:

Shell> edit fs1:\options.txt

For an encrypted system, this file will contain at least:

root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img cryptdevice=/dev/sda2:cryptroot
Tip: Add :allow-discards after cryptroot to allow trimming if using an SSD. Then enable fstrim.timer to trim the device weekly.

For a regular system, this file will contain at least:

root=/dev/sda2 ro initrd=/initramfs-linux.img

Note: Create at least one additional space before the first character of your boot line in your options files. Otherwise, the root parameter, in this case, gets squashed by a byte order mark and will not be passed to the initramfs, resulting in an error when booting. Additionally, your options file should be one line, and one line only.

Press F2 to save and F3 to quit. Now add the options to your first boot entry:

Shell> bcfg boot -opt 0 fs1:\options.txt

Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt containing the boot line. Change the intird to the fallback image.

Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt.

7. Reboot

When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. Once you login you’ll have a very simple base system to work with.

8. Post-installation

8.1 Connect to the internet

Start/enable the dhcpcd@interface.service unit.

Tip: To prevent dhcpcd from holding up the boot until it gets an IP address, edit the unit with a drop-in file so that it forks right away:
ExecStart=/usr/bin/dhcpcd -b -q %I

If you have a wireless connection, connect using iwd. First, start/enable the iwd.service unit. Then to connect to a network do:

# iwctl
[iwd]# station device scan
[iwd]# station device get-networks
[iwd]# station device connect SSID
Tip: To prevent a known race condition that prevents iwd from starting on reboot, create a systemd unit named iwd@.service with the following contents:
Description=Wireless service on %I

ExecStart=/usr/lib/iwd/iwd --interface %i
Then stop/disable iwd.service and start/enable iwd@device.service.