mipimipi / Install_Arch_Linux_on_USB_Stick.md
We will use LUKS / cryptsetup to create an encrypted container for the root partition. The partition will be secured by a passphrase. This passphrase needs to be entered during the boot process. Without the passphrase, the content of the root partition cannot be read.
This installation procedure is inspired by the references [1] — [5]. It assumes that you have a 2nd USB stick (not the one that you want to use for the new installation) with the Arch Linux installer. Since I would like to have a German system, the language and keyboard layout will be configured during the installation accordingly. If you want to have a different language, you have to adjust the corresponding steps.
Connect the 2nd USB stick to your computer and boot from it.
Configure German keyboard layout (take into account, that by default the US layout is used):
$ loadkeys de $ loadkeys de-latin1
Get the of the id ( dev/sdX ) USB stick (the «target» stick)
For the rest of this gist we assuem that it’s /dev/sdb .
We partion the stick with gdisk :
$ gdisk /dev/sdb GPT fdisk (gdisk) version 1.0.3 Partition table scan: MBR: protective BSD: not present APM: not present GPT: present Found valid GPT with protective MBR; using GPT. Command (? for help): o This option deletes all partitions and creates a new protective MBR. Proceed? (Y/N): Y Command (? for help): n Partition number (1-128, default 1): 1 First sector (34-123731934, default = 2048) or size: Last sector (2048-123731934, default = 123731934) or size: +512m Current type is 'Linux filesystem' Hex code or GUID (L to show codes, Enter = 8300): ef00 Changed type of partition to 'EFI System' Command (? for help): n Partition number (2-128, default 2): 2 First sector (34-123731934, default = 1050624) or size: Last sector (1050624-123731934, default = 123731934) or size: Current type is 'Linux filesystem' Hex code or GUID (L to show codes, Enter = 8300): Changed type of partition to 'Linux filesystem' Command (? for help): w Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING PARTITIONS!! Do you want to proceed? (Y/N): Y OK; writing new GUID partition table (GPT) to /dev/sdb. Warning: The kernel is still using the old partition table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8) The operation has completed successfully.
Encryption and file systems
Create encrypted container:
$ cryptsetup luksFormat -c aes-xts-plain64 -s 512 /dev/sdb2
Open encrypted container and map it to sticky-luks (you can chose whatever name you prefer):
$ cryptsetup open --type luks /dev/sdb2 sticky-luks
Create file system in boot partition:
Create EXT4 file system in root partition:
$ mkfs.ext4 -O "^has_journal" /dev/mapper/sticky-luks
The option «^has_journal» disables journaling, which reduces the number of r/w operations (see reference [4])
Mount the new file systems:
$ mount /dev/mapper/sticky-luks /mnt $ mkdir /mnt/boot $ mount /dev/sdb1 /mnt/boot
Installation of Arch Linux
Select the mirrors as described here.
$ pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant
In case your computer has a Intel CPU, install the support for Intel micorcode:
To make sure your new installation runs on many different computers, install additional input and output drivers (see [4]):
$ pacstrap /mnt xf86-input-synaptics xf86-video-vesa xf86-video-ati xf86-video-intel xf86-video-amdgpu xf86-video-nouveau
Generate fstab . Use option -U to define by UUID. That’s necessary to make sure that the partitions of the USB stick can be identified clearly also on other computers.
$ genfstab -U /mnt >> /mnt/etc/fstab
Replace the option relatime by noatime for both mounts. Also this reduces the number of r/w operations.
Enter the newly installed environment:
Set the hostname (in the example myhost)
$ nano /etc/hosts 127.0.0.1 localhost ::1 localhost 127.0.1.1 myhost.localdomain myhost
Set language (LOCALE) to German:
$ echo LANG=de_DE.UTF-8 > /etc/locale.conf
Search for the following rows and remove the # at the beginning:
#de_DE.UTF-8 UTF-8 #de_DE ISO-8859-1 #de_DE@euro ISO-8859-15 #en_US.UTF-8
Set keyboard layout and font:
$ echo KEYMAP=de-latin1 > /etc/vconsole.conf $ echo FONT=lat9w-16 >> /etc/vconsole.conf
$ ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
Adjust hooks in /etc/mkinitcpio.conf :
Adjust the corresponding row. It should look like this:
HOOKS=(base keyboard udev autodetect modconf block keymap encrypt filesystems fsck)
It’s important to move the keyboard hook before autodetect since otherwise you might have problems with the keyboard in case you to this installation on a desktop with USB keyboard and you want to use the USB stick with a laptop with the build-in keyboard.
Set password for user root :
Install grub . You can use any id, Sticky is just an example:
$ grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=Sticky --removable --recheck
Change the corresponding row to
GRUB_CMDLINE_LINUX="cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:sticky-luks root=/dev/mapper/sticky-luks"
Here, we used sticky-luks to provide consistency to the LUKS configuration (see above), but you can use any other id instead. Please use the UUID of the root partition of your USB stick instead of xxxxxxxx-. — use the command blkid to determine this UUID.
$ grub-mkconfig -o /boot/grub/grub.cfg
Reboot and enjoy your new USB stick installation: