Mettre à jour 'arch_install.md'

2019-04-16 15:38:08 +02:00 · 2019-04-16 15:38:08 +02:00 · 2c1b1aeb64
commit 2c1b1aeb64
parent 73ca4ff756
1 changed files with 15 additions and 59 deletions
--- a/arch_install.md
+++ b/arch_install.md
@ -1,21 +1,12 @@
 The following is a brief installation tutorial for [Arch Linux][1]. It assumes
 familiarity with the Arch [Beginner's Guide][2] and [Installation Guide][3].
-It will provide a system with full-disk encryption using [LVM on LUKS][4].
+It will provide a system using [LVM on LUKS][4].
 Two methods are presented here, the more traditional "BIOS mode", where
 there is no separate `/boot` partition. The entire installation is encrypted
 and booted via [Grub's crypto hooks][5].  The second method is "UEFI mode" which
 will use a GPT and show you how to make [separately-encrypted boot and root partitions][6],
 while only /boot/efi is left unecrypted.
 Use your system's setup interface to choose UEFI or legacy/BIOS mode as appropriate.
 Note that this guide assumes you are performing the install to `/dev/sda`. In
 some cases, you may find that your USB install disk claimed `/dev/sda` and you
 want to install to `/dev/sdb`. Confirm which disk is which before proceeding.
 On some newer systems (e.g. Dell XPS 15), set SATA operation mode to AHCI.
 Boot into the Arch installer.
 If your console font is tiny ([HiDPI][7] systems), set a new font.
@ -28,10 +19,6 @@ Verify that the [system clock is up to date][8].
    $ timedatectl set-ntp true
 (BIOS mode) Create a single partition for LUKS.
    $ parted -s /dev/sda mklabel msdos
    $ parted -s /dev/sda mkpart primary 2048s 100%
 (UEFI mode) Create partitions for EFI, boot, and root.
@ -41,16 +28,17 @@ Verify that the [system clock is up to date][8].
    $ parted -s /dev/sda set 1 esp on
    $ parted -s /dev/sda mkpart primary 513MiB 1024MiB
    $ parted -s /dev/sda mkpart primary 1024MiB 100%
-    $ mkfs.vfat -F32 /dev/nvme0n1p1
+    $ mkfs.ext4 /dev/sda2
    $ mkfs.fat -F32 /dev/sda1
 Create and mount the encrypted root filesystem. Note that for UEFI systems
 this will be partition 3.
-    $ cryptsetup luksFormat /dev/sda1
+
-    $ cryptsetup luksOpen /dev/sda1 lvm
+    $ pvcreate /dev/sda3pc
    $ pvcreate /dev/mapper/lvm
    $ vgcreate arch /dev/mapper/lvm
-    $ lvcreate -L 8G arch -n swap
+    $ lvcreate -L 4G arch -n swap
    $ lvcreate -L 30G arch -n root
    $ lvcreate -l +100%FREE arch -n home
    $ lvdisplay
@ -65,11 +53,8 @@ this will be partition 3.
 (UEFI mode) Encrypt the boot partition using a separate passphrase from
 the root partition, then mount the boot and EFI partitions.
    $ cryptsetup luksFormat /dev/sda2
    $ cryptsetup luksOpen /dev/sda2 cryptboot
    $ mkfs.ext4 /dev/mapper/cryptboot
    $ mkdir /mnt/boot
-    $ mount /dev/mapper/cryptboot /mnt/boot
+    $ mount /dev/sda2 /mnt/boot
    $ mkdir /mnt/boot/efi
    $ mount /dev/sda1 /mnt/boot/efi
@ -90,52 +75,23 @@ Generate and verify [fstab][11].
 Change root into the base install and perform [base configuration tasks][12].
    $ arch-chroot /mnt /bin/bash
    $ export LANG=en_US.UTF-8
    $ echo $LANG UTF-8 >> /etc/locale.gen
    $ locale-gen
    $ echo LANG=$LANG > /etc/locale.conf
    $ ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
    $ hwclock --systohc --utc
    $ echo mymachine > /etc/hostname
    $ systemctl enable dhcpcd.service
    $ passwd
-Set your mkinitcpio encrypt/lvm2 hooks and rebuild.
+Set your mkinitcpio.
-
+    $ sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard  lvm2 resume filesystems fsck"/' /etc/mkinitcpio.conf
    $ sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 resume filesystems fsck"/' /etc/mkinitcpio.conf
    $ mkinitcpio -p linux
 (BIOS mode) Add a keyfile to decrypt the root volume and properly set the hooks.
    $ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
    $ cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
    $ chmod 000 /crypto_keyfile.bin
    $ sed -i 's/^FILES=.*/FILES="\/crypto_keyfile.bin"/' /etc/mkinitcpio.conf
    $ mkinitcpio -p linux
 (UEFI mode) Add a keyfile to decrypt and mount the boot volume during startup.
    $ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
    $ cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
    $ chmod 000 /crypto_keyfile.bin
    $ echo "cryptboot /dev/sda2 /crypto_keyfile.bin luks" >> /etc/crypttab
 Configure GRUB.
-    $ echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
+    # BIOS mode 
-
+    $ grub-install /dev/sdat
    # BIOS mode - set the UUID of the encrypted root device
    $ ROOTUUID=$(blkid /dev/sda1 | awk '{print $2}' | cut -d '"' -f2)
    $ sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID="$ROOTUUID":lvm:allow-discards resume=\/dev\/mapper\/arch-swap\"/" /etc/default/grub
    $ grub-mkconfig -o /boot/grub/grub.cfg
    $ grub-install /dev/sda
    $ chmod -R g-rwx,o-rwx /boot
-    # UEFI mode - set the UUID of the encrypted root device
+
-    $ ROOTUUID=$(blkid /dev/sda3 | awk '{print $2}' | cut -d '"' -f2)
+    # UEFI mode 
    $ sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID="$ROOTUUID":lvm:allow-discards root=\/dev\/mapper\/arch-root resume=\/dev\/mapper\/arch-swap\"/" /etc/default/grub
    $ grub-mkconfig -o /boot/grub/grub.cfg
    $ grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck
    $ grub-mkconfig -o /boot/grub/grub.cfg
    $ chmod -R g-rwx,o-rwx /boot
 Cleanup and reboot!