[~bandali/bndl.org] / source / 2016 / 11 / arch-macbook-air.org

#+title: Arch Linux on MacBook Air 2013
#+date: [2016-11-01 Tue]
#+options: ^:nil

#+include: "../../macros.org"

This post summarizes how I install and dual-boot Arch Linux with
Full-Disk Encryption alongside macOS.  It is not meant to be a
replacement for the [[https://wiki.archlinux.org/index.php/installation_guide][Installation Guide]] or the former [[https://csdietz.github.io/arch-beginner-guide/][Beginner's Guide]].
Rather, it mostly serves as a small summary with a few useful notes
about the gotchas.

So, make sure you understand what you type into your terminal.  If you
don't, checking out the Arch wiki should probably be your first step.

/Note:/ you will need internet access throughout the installation and
the MacBook Air's WiFi doesn't work out of the box on Arch Linux.  I
recommend using your phone's USB Tethering (if it does support it), or
using an Ethernet-USB adapter.

* Shrinking the macOS partition

The first step I take is resizing the HFS+ macOS partition to make
room for the new {{{abbr(GNU/Linux)}}} installation.  There are plenty
of tutorials on how to do this using macOS's Disk Utility, so do that
and then come back!

* Creating a bootable Arch Linux Installer USB

There are different ways of creating a bootable Arch Linux USB, all
documented on the [[https://wiki.archlinux.org/index.php/USB_flash_installation_media][USB flash installation media]] page on the Arch wiki,
but the simplest one is using =dd= if you already have access to
another UNIX system.

{{{span(red,Warning:)}}} make sure you backup the data on your flash
drive, as =dd= will irrevocably destroy all data on it.

Use =lsblk= to find the name (block device) of your USB drive, then
run =dd= (as root) as shown below:

#+begin_src bash
dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
#+end_src

Replace =/path/to/archlinux.iso= with the path to the Arch image you
have downloaded, and =/dev/sdx= with your drive.

* Booting up from the USB

After creating the install USB, reboot your laptop and hold the alt
key and boot into the USB.

When booting is complete and you're presented with the prompt, it's a
good time to make sure you're connected to the internet (see the
/note/ at the top of this post).

Use =ping= to verify that you've established a connection:

#+begin_src bash
ping archlinux.org
#+end_src

* Updating the system clock

Once you're connected to the internet, make sure the system clock is
accurate:

#+begin_src bash
timedatectl set-ntp true  # start and enable systemd-timesyncd
#+end_src

You can check the service status using =timedatectl status=.

* Partitioning
:PROPERTIES:
:CUSTOM_ID: partitioning
:END:

I won't dive into partitioning and instead, I'll refer you to the
[[https://wiki.archlinux.org/index.php/Partitioning][Partitioning]] page of Arch wiki. Of the available partitioning tools, I
personally prefer =cfdisk=.

* Setting up LVM & LUKS

I use a [[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS][LVM on LUKS]] setup, where I set up LVM on top of the encrypted
partition.

First, let's set up the underlying encrypted partition:

#+begin_src bash
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
           --iter-time 5000 --use-urandom -y luksFormat /dev/sdaX
#+end_src

where =/dev/sdaX= is the partition you created in the last step
(e.g. =/dev/sda4=). For more information about the =cryptsetup=
options, see the [[https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode][LUKS encryption options]].

Then we open the container:

#+begin_src bash
cryptsetup open --type luks /dev/sdaX lvm
#+end_src

Now it's time to use lvm and prepare the logical volume(s):

#+begin_src bash
pvcreate /dev/mapper/lvm
vgcreate vg /dev/mapper/lvm
lvcreate --extents +100%FREE -n root vg
#+end_src

This will create a physical volume on the mapping we just opened,
create a volume group named =vg= on the physical volume, and create a
logical volume named =root= that spans the entire volume group. More
complex setups are possible thanks to the great flexibility of lvm.

We now format the logical volume with =ext4=:

#+begin_src bash
mkfs.ext4 /dev/mapper/vg-root
#+end_src

* Installing the base system

Let's mount the logical volume, make a directory for the mount point
of the boot partition, and mount the boot partition (=/dev/sda1=):

#+begin_src bash
mount /dev/mapper/vg-root /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
#+end_src

Finally, let's install the base system (and optionally =base-devel=):

#+begin_src bash
pacstrap /mnt base base-devel
#+end_src

* Configuring the system

Let's generate the fstab:

#+begin_src bash
genfstab -U /mnt >> /mnt/etc/fstab
#+end_src

Use your favorite terminal-based editor, edit the fstab file and add
the =discard= option for the root partition to enable TRIM on the SSD.

Now we change root into our newly installed system and will configure
it. Adjust these according to your own setup.

#+begin_src bash
arch-chroot /mnt /bin/bash
passwd  # set the root password
echo myhostname > /etc/hostname  # set the hostname
ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime  # time zone
hwclock --systohc --utc   # write system clock to hardware clock (UTC)
useradd -m -G wheel -s /bin/bash myuser  # create myuser
passwd myuser  # set the password for myuser
echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser
# uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen
locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8
#+end_src

Then adjust the initramfs hooks in =/etc/mkinitcpio.conf= and enable
the =encrypt= and =lvm2= hooks, and make sure =keyboard= is available
before =encrypt= so you can actually type in the LUKS password when
booting. Your =HOOKS= line should look similar to this:

#+begin_src
HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"
#+end_src

After adjusting the hooks, build the initramfs:

#+begin_src bash
mkinitcpio -p linux
#+end_src

Now, install the =intel-ucode= package. We'll configure the bootloader
to enable intel microcode updates.

#+begin_src bash
pacman -S intel-ucode
#+end_src

Create the =/boot/loader/loader.conf= with the following content
(adjust the timeout to your liking):

#+begin_src
default arch
timeout 3
#+end_src

Then create the entry for Arch:

#+begin_src bash
mkdir -p /boot/loader/entries
touch /boot/loader/entries/arch.conf
#+end_src

Now edit =/boot/loader/entries/arch.conf= to specify the Arch entry:

#+begin_src
title    Arch Linux
linux    /vmlinuz-linux
initrd   /intel-ucode.img
initrd   /initramfs-linux.img
options  cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw
#+end_src

Again, =/dev/sdaX= is the partition you created in the [[#partitioning][partitioning]]
step as the underlying encrypted partition.

Finally, install the bootloader, exit the chroot, umount and reboot!

#+begin_src bash
bootctl install
exit
umount -R /mnt
reboot
#+end_src

* Post-installation recommendations

Congratulations! You now have a minimal Arch installation.

At this point, I usually install my favorite AUR helper, [[https://aur.archlinux.org/packages/pacaur/][pacaur]], then
I install the [[https://aur.archlinux.org/packages/broadcom-wl-dkms/][broadcom-wl-dkms]] wireless driver and [[https://aur.archlinux.org/packages/mba6x_bl-dkms/][mba6x_bl-dkms]]
backlight driver to fix the post suspend/resume issue where three's no
brightness after waking up from suspend, and the only available
brightness would be 100%.

#+begin_src bash
pacaur -S linux-headers dkms  # linux-headers is required for dkms
pacaur -S broadcom-wl-dkms
pacaur -S mba6x_bl-dkms
#+end_src

Then, I'd like to install

- input, graphics, and sound drivers,
- a desktop environment (I prefer Xfce or LXQt),
- a display manager for login screen (lightdm or sddm), and
- a network manager (NetworkManager or ConnMan).

Check out the [[https://wiki.archlinux.org/index.php/General_recommendations][General recommendations]] for more details.

* References

Here are some resources I've come across each with lots of useful bits
and pieces, about installing Arch on a MacBook:

- [[https://github.com/pandeiro/arch-on-air][pandeiro/arch-on-air]]
- [[https://loicpefferkorn.net/2015/01/arch-linux-on-macbook-pro-retina-2014-with-dm-crypt-lvm-and-suspend-to-disk/][Arch Linux on MacBook Pro Retina 2014 with DM-Crypt, LVM and suspend to disk]]
- [[http://frankshin.com/installing-archlinux-on-macbook-air-2013/][Installing Archlinux on Macbook Air 2013]]
- [[http://panks.me/posts/2013/06/arch-linux-installation-with-os-x-on-macbook-air-dual-boot/][Arch Linux Installation with OS X on Macbook Air (Dual Boot)]]
- [[https://visual-assault.org/2016/03/05/install-encrypted-arch-linux-on-apple-macbook-pro/][Installing (encrypted) Arch Linux on an Apple MacBook Pro]]
- [[http://alexeyzabelin.com/arch-on-mac][Installing Arch Linux on a MacBook Air 2013]]
- [[https://medium.com/phils-thought-bubble-of-recent-stuff/arch-linux-running-on-my-macbook-2ea525ebefe3][Arch Linux running on my MacBook]]
- [[http://codylittlewood.com/arch-linux-on-macbook-pro-installation/][Dual boot Arch Linux on MacBook Pro Installation]]
Commit	Line	Data
b307aaa9 AB	1	#+title: Arch Linux on MacBook Air 2013
	2	#+date: [2016-11-01 Tue]
	3	#+options: ^:nil
	4
	5	#+include: "../../macros.org"
	6
	7	This post summarizes how I install and dual-boot Arch Linux with
	8	Full-Disk Encryption alongside macOS. It is not meant to be a
	9	replacement for the [[https://wiki.archlinux.org/index.php/installation_guide][Installation Guide]] or the former [[https://csdietz.github.io/arch-beginner-guide/][Beginner's Guide]].
	10	Rather, it mostly serves as a small summary with a few useful notes
	11	about the gotchas.
	12
	13	So, make sure you understand what you type into your terminal. If you
	14	don't, checking out the Arch wiki should probably be your first step.
	15
	16	/Note:/ you will need internet access throughout the installation and
	17	the MacBook Air's WiFi doesn't work out of the box on Arch Linux. I
	18	recommend using your phone's USB Tethering (if it does support it), or
	19	using an Ethernet-USB adapter.
	20
	21	* Shrinking the macOS partition
	22
	23	The first step I take is resizing the HFS+ macOS partition to make
	24	room for the new {{{abbr(GNU/Linux)}}} installation. There are plenty
	25	of tutorials on how to do this using macOS's Disk Utility, so do that
	26	and then come back!
	27
	28	* Creating a bootable Arch Linux Installer USB
	29
	30	There are different ways of creating a bootable Arch Linux USB, all
	31	documented on the [[https://wiki.archlinux.org/index.php/USB_flash_installation_media][USB flash installation media]] page on the Arch wiki,
	32	but the simplest one is using =dd= if you already have access to
	33	another UNIX system.
	34
	35	{{{span(red,Warning:)}}} make sure you backup the data on your flash
	36	drive, as =dd= will irrevocably destroy all data on it.
	37
	38	Use =lsblk= to find the name (block device) of your USB drive, then
	39	run =dd= (as root) as shown below:
	40
	41	#+begin_src bash
	42	dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
	43	#+end_src
	44
	45	Replace =/path/to/archlinux.iso= with the path to the Arch image you
	46	have downloaded, and =/dev/sdx= with your drive.
	47
	48	* Booting up from the USB
	49
	50	After creating the install USB, reboot your laptop and hold the alt
	51	key and boot into the USB.
	52
	53	When booting is complete and you're presented with the prompt, it's a
	54	good time to make sure you're connected to the internet (see the
	55	/note/ at the top of this post).
	56
	57	Use =ping= to verify that you've established a connection:
	58
	59	#+begin_src bash
	60	ping archlinux.org
	61	#+end_src
	62
	63	* Updating the system clock
	64
65	Once you're connected to the internet, make sure the system clock is
66	accurate:
67
68	#+begin_src bash
69	timedatectl set-ntp true # start and enable systemd-timesyncd
70	#+end_src
71
72	You can check the service status using =timedatectl status=.
73
74	* Partitioning
75	:PROPERTIES:
76	:CUSTOM_ID: partitioning
77	:END:
78
79	I won't dive into partitioning and instead, I'll refer you to the
80	[[https://wiki.archlinux.org/index.php/Partitioning][Partitioning]] page of Arch wiki. Of the available partitioning tools, I
81	personally prefer =cfdisk=.
82
83	* Setting up LVM & LUKS
84
85	I use a [[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS][LVM on LUKS]] setup, where I set up LVM on top of the encrypted
86	partition.
87
88	First, let's set up the underlying encrypted partition:
89
90	#+begin_src bash
91	cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
92	--iter-time 5000 --use-urandom -y luksFormat /dev/sdaX
93	#+end_src
94
95	where =/dev/sdaX= is the partition you created in the last step
96	(e.g. =/dev/sda4=). For more information about the =cryptsetup=
97	options, see the [[https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode][LUKS encryption options]].
98
99	Then we open the container:
100
101	#+begin_src bash
102	cryptsetup open --type luks /dev/sdaX lvm
103	#+end_src
104
105	Now it's time to use lvm and prepare the logical volume(s):
106
107	#+begin_src bash
108	pvcreate /dev/mapper/lvm
109	vgcreate vg /dev/mapper/lvm
110	lvcreate --extents +100%FREE -n root vg
111	#+end_src
112
113	This will create a physical volume on the mapping we just opened,
114	create a volume group named =vg= on the physical volume, and create a
115	logical volume named =root= that spans the entire volume group. More
116	complex setups are possible thanks to the great flexibility of lvm.
117
118	We now format the logical volume with =ext4=:
119
120	#+begin_src bash
121	mkfs.ext4 /dev/mapper/vg-root
122	#+end_src
123
124	* Installing the base system
125
126	Let's mount the logical volume, make a directory for the mount point
127	of the boot partition, and mount the boot partition (=/dev/sda1=):
128
129	#+begin_src bash
130	mount /dev/mapper/vg-root /mnt
131	mkdir /mnt/boot
132	mount /dev/sda1 /mnt/boot
133	#+end_src
134
135	Finally, let's install the base system (and optionally =base-devel=):
136
137	#+begin_src bash
138	pacstrap /mnt base base-devel
139	#+end_src
140
141	* Configuring the system
142
143	Let's generate the fstab:
144
145	#+begin_src bash
146	genfstab -U /mnt >> /mnt/etc/fstab
147	#+end_src
148
149	Use your favorite terminal-based editor, edit the fstab file and add
150	the =discard= option for the root partition to enable TRIM on the SSD.
151
152	Now we change root into our newly installed system and will configure
153	it. Adjust these according to your own setup.
154
155	#+begin_src bash
156	arch-chroot /mnt /bin/bash
157	passwd # set the root password
158	echo myhostname > /etc/hostname # set the hostname
159	ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime # time zone
160	hwclock --systohc --utc # write system clock to hardware clock (UTC)
161	useradd -m -G wheel -s /bin/bash myuser # create myuser
162	passwd myuser # set the password for myuser
163	echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser
164	# uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen
165	locale-gen
166	echo LANG=en_US.UTF-8 > /etc/locale.conf
167	export LANG=en_US.UTF-8
168	#+end_src
169
170	Then adjust the initramfs hooks in =/etc/mkinitcpio.conf= and enable
171	the =encrypt= and =lvm2= hooks, and make sure =keyboard= is available
172	before =encrypt= so you can actually type in the LUKS password when
173	booting. Your =HOOKS= line should look similar to this:
174
175	#+begin_src
176	HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"
177	#+end_src
178
179	After adjusting the hooks, build the initramfs:
180
181	#+begin_src bash
182	mkinitcpio -p linux
183	#+end_src
184
185	Now, install the =intel-ucode= package. We'll configure the bootloader
186	to enable intel microcode updates.
187
188	#+begin_src bash
189	pacman -S intel-ucode
190	#+end_src
191
192	Create the =/boot/loader/loader.conf= with the following content
193	(adjust the timeout to your liking):
194
195	#+begin_src
196	default arch
197	timeout 3
198	#+end_src
199
200	Then create the entry for Arch:
201
202	#+begin_src bash
203	mkdir -p /boot/loader/entries
204	touch /boot/loader/entries/arch.conf
205	#+end_src
206
207	Now edit =/boot/loader/entries/arch.conf= to specify the Arch entry:
208
209	#+begin_src
210	title Arch Linux
211	linux /vmlinuz-linux
212	initrd /intel-ucode.img
213	initrd /initramfs-linux.img
214	options cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw
215	#+end_src
216
217	Again, =/dev/sdaX= is the partition you created in the [[#partitioning][partitioning]]
218	step as the underlying encrypted partition.
219
220	Finally, install the bootloader, exit the chroot, umount and reboot!
221
222	#+begin_src bash
223	bootctl install
224	exit
225	umount -R /mnt
226	reboot
227	#+end_src
228
229	* Post-installation recommendations
230
231	Congratulations! You now have a minimal Arch installation.
232
233	At this point, I usually install my favorite AUR helper, [[https://aur.archlinux.org/packages/pacaur/][pacaur]], then
234	I install the [[https://aur.archlinux.org/packages/broadcom-wl-dkms/][broadcom-wl-dkms]] wireless driver and [[https://aur.archlinux.org/packages/mba6x_bl-dkms/][mba6x_bl-dkms]]
235	backlight driver to fix the post suspend/resume issue where three's no
236	brightness after waking up from suspend, and the only available
237	brightness would be 100%.
238
239	#+begin_src bash
240	pacaur -S linux-headers dkms # linux-headers is required for dkms
241	pacaur -S broadcom-wl-dkms
242	pacaur -S mba6x_bl-dkms
243	#+end_src
244
245	Then, I'd like to install
246
247	- input, graphics, and sound drivers,
248	- a desktop environment (I prefer Xfce or LXQt),
249	- a display manager for login screen (lightdm or sddm), and
250	- a network manager (NetworkManager or ConnMan).
251
252	Check out the [[https://wiki.archlinux.org/index.php/General_recommendations][General recommendations]] for more details.
253
254	* References
255
256	Here are some resources I've come across each with lots of useful bits
257	and pieces, about installing Arch on a MacBook:
258
259	- [[https://github.com/pandeiro/arch-on-air][pandeiro/arch-on-air]]
260	- [[https://loicpefferkorn.net/2015/01/arch-linux-on-macbook-pro-retina-2014-with-dm-crypt-lvm-and-suspend-to-disk/][Arch Linux on MacBook Pro Retina 2014 with DM-Crypt, LVM and suspend to disk]]
261	- [[http://frankshin.com/installing-archlinux-on-macbook-air-2013/][Installing Archlinux on Macbook Air 2013]]
262	- [[http://panks.me/posts/2013/06/arch-linux-installation-with-os-x-on-macbook-air-dual-boot/][Arch Linux Installation with OS X on Macbook Air (Dual Boot)]]
263	- [[https://visual-assault.org/2016/03/05/install-encrypted-arch-linux-on-apple-macbook-pro/][Installing (encrypted) Arch Linux on an Apple MacBook Pro]]
264	- [[http://alexeyzabelin.com/arch-on-mac][Installing Arch Linux on a MacBook Air 2013]]
265	- [[https://medium.com/phils-thought-bubble-of-recent-stuff/arch-linux-running-on-my-macbook-2ea525ebefe3][Arch Linux running on my MacBook]]
266	- [[http://codylittlewood.com/arch-linux-on-macbook-pro-installation/][Dual boot Arch Linux on MacBook Pro Installation]]