[VIDEO] Arch Linux with full disk encryption in (about) 15 minutes August 18, 2016 on Drew DeVault's blog

After my blog post emphasizing the importance of taking control of your privacy, I’ve decided to make a few more posts going over detailed instructions on how to actually do so. Today we have a video that goes over the process of installing Arch Linux with full disk encryption.

This is my first go at publishing videos on my blog, so please provide some feedback in the comments of this article. I’d prefer to use my blog instead of YouTube for publishing technical videos, since it’s all open source, ad-free, and DRM-free. Let me know if you’d like to see more content like this on my blog and which topics you’d like covered - I intend to at least release another video going over this process for Ubuntu as well.

Download video (WEBM)

The video goes into detail on each of these steps, but here’s the high level overview of how to do this. Always check the latest version of the Install Guide and the dm-crypt page on the Arch Wiki for the latest procedure.

  1. Partition your disks with gdisk and be sure to set aside a partition for /boot
  2. Create a filesystem on /boot
  3. (optional) Securely erase all of the existing data on your disks with dd if=/dev/zero of=/dev/sdXY bs=4096 - note: this is a correction from the command mentioned in the video
  4. Set up encryption for your encrypted partitions with cryptsetup luksFormat /dev/sdXX
  5. Open the encrypted volumes with cryptsetup open /dev/sdXX [name]
  6. Create filesystems on /dev/mapper/[names]
  7. Mount all of the filesystems on /mnt
  8. Perform the base install with pacstrap /mnt base [extra packages...]
  9. genfstab -p /mnt >> /mnt/etc/fstab
  10. arch-chroot /mnt /usr/bin/bash
  11. ln -s /usr/share/zoneinfo/[region]/[zone] /etc/localtime
  12. hwclock --systohc --utc
  13. Edit /etc/locale.gen to your liking and run locale-gen
  14. locale > /etc/locale.conf - note this only works for en_US users, adjust if necessary
  15. Edit /etc/hostname to your liking
  16. Reconfigure the network
  17. Edit /etc/mkinitcpio.conf and ensure that the keyboard and encrypt hooks run before the filesystems hook
  18. mkinitcpio -p linux
  19. Set the root password with passwd
  20. Configure /etc/crypttab with any non-root encrypted disks you need. You can get partition UUIDs with ls -l /dev/disk/by-partuuid
  21. Configure your kernel command line to include cryptdevice=PARTUUID=[...]:[name] root=/dev/mapper/[name] rw
  22. Install your bootloader and reboot!

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~sircmpwn/public-inbox@lists.sr.ht [mailing list etiquette]

Articles from blogs I read Generated by openring

Announcing the 2020 Go Developer Survey

Help shape the future of Go Since 2016, thousands of Gophers around the world have helped the Go project by sharing their thoughts via our annual Go Developer Survey. Your feedback has played an enormous role in driving changes to our langu…

via The Go Programming Language Blog October 20, 2020

Status update, October 2020

Hi all, it’s been a while! I’ve been taking some time off this month: I’ve been hiking in Corsica (an island in the south of France) for 2 weeks! The path (called GR20) was very difficult but the gorgeous landscapes made it entirely worth it. :) I’ve uploaded…

via emersion October 16, 2020

What's cooking on Sourcehut? October 2020

Once again we meet to discuss the status of the ongoing SourceHut alpha, which has made progress by leaps and bounds this month. We’re joined by 521 new users this month, bringing our total up to 17,715. As always, please welcome them warmly and show our new…

via Blogs on Sourcehut October 15, 2020