| 1 | +++ |
| 2 | title = "Arch GNU/Linux on MacBook Air 2013" |
| 3 | date = 2016-11-01 |
| 4 | tags = ["arch", "macbook"] |
| 5 | draft = false |
| 6 | [menu.main] |
| 7 | weight = 2001 |
| 8 | identifier = "arch-gnu-linux-on-macbook-air-2013" |
| 9 | +++ |
| 10 | |
| 11 | This post summarizes how I install and dual-boot Arch GNU/Linux with |
| 12 | Full-Disk Encryption alongside macOS. It is not meant to be a |
| 13 | replacement for the [Installation Guide](https://wiki.archlinux.org/index.php/installation%5Fguide) or the former [Beginner's Guide](https://csdietz.github.io/arch-beginner-guide/). |
| 14 | Rather, it mostly serves as a small summary with a few useful notes |
| 15 | about the gotchas. |
| 16 | |
| 17 | So, make sure you understand what you type into your terminal. If you |
| 18 | don't, checking out the Arch wiki should probably be your first step. |
| 19 | |
| 20 | _Note:_ you will need internet access throughout the installation and |
| 21 | the MacBook Air's WiFi doesn't work out of the box on Arch. I |
| 22 | recommend using your phone's USB Tethering (if it does support it), or |
| 23 | using an Ethernet-USB adapter. |
| 24 | |
| 25 | |
| 26 | ## Shrinking the macOS partition {#shrinking-the-macos-partition} |
| 27 | |
| 28 | The first step I take is resizing the HFS+ macOS partition to make |
| 29 | room for the new <abbr>GNU/Linux</abbr> installation. There are plenty |
| 30 | of tutorials on how to do this using macOS's Disk Utility, so do that |
| 31 | and then come back! |
| 32 | |
| 33 | |
| 34 | ## Creating a bootable Arch Installer USB {#creating-a-bootable-arch-installer-usb} |
| 35 | |
| 36 | There are different ways of creating a bootable Arch USB, all |
| 37 | documented on the [USB flash installation media](https://wiki.archlinux.org/index.php/USB%5Fflash%5Finstallation%5Fmedia) page on the Arch wiki, |
| 38 | but the simplest one is using `dd` if you already have access to |
| 39 | another UNIX system. |
| 40 | |
| 41 | <span class="red">Warning:</span> make sure you backup the data on your flash |
| 42 | drive, as `dd` will irrevocably destroy all data on it. |
| 43 | |
| 44 | Use `lsblk` to find the name (block device) of your USB drive, then |
| 45 | run `dd` (as root) as shown below: |
| 46 | |
| 47 | ```bash |
| 48 | dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync |
| 49 | ``` |
| 50 | |
| 51 | Replace `/path/to/archlinux.iso` with the path to the Arch image you |
| 52 | have downloaded, and `/dev/sdx` with your drive. |
| 53 | |
| 54 | |
| 55 | ## Booting up from the USB {#booting-up-from-the-usb} |
| 56 | |
| 57 | After creating the install USB, reboot your laptop and hold the alt |
| 58 | key and boot into the USB. |
| 59 | |
| 60 | When booting is complete and you're presented with the prompt, it's a |
| 61 | good time to make sure you're connected to the internet (see the |
| 62 | _note_ at the top of this post). |
| 63 | |
| 64 | Use `ping` to verify that you've established a connection: |
| 65 | |
| 66 | ```bash |
| 67 | ping archlinux.org |
| 68 | ``` |
| 69 | |
| 70 | |
| 71 | ## Updating the system clock {#updating-the-system-clock} |
| 72 | |
| 73 | Once you're connected to the internet, make sure the system clock is |
| 74 | accurate: |
| 75 | |
| 76 | ```bash |
| 77 | timedatectl set-ntp true # start and enable systemd-timesyncd |
| 78 | ``` |
| 79 | |
| 80 | You can check the service status using `timedatectl status`. |
| 81 | |
| 82 | |
| 83 | ## Partitioning {#partitioning} |
| 84 | |
| 85 | I won't dive into partitioning and instead, I'll refer you to the |
| 86 | [Partitioning](https://wiki.archlinux.org/index.php/Partitioning) page of Arch wiki. Of the available partitioning tools, I |
| 87 | personally prefer `cfdisk`. |
| 88 | |
| 89 | |
| 90 | ## Setting up LVM & LUKS {#setting-up-lvm-and-luks} |
| 91 | |
| 92 | I use a [LVM on LUKS](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting%5Fan%5Fentire%5Fsystem#LVM%5Fon%5FLUKS) setup, where I set up LVM on top of the encrypted |
| 93 | partition. |
| 94 | |
| 95 | First, let's set up the underlying encrypted partition: |
| 96 | |
| 97 | ```bash |
| 98 | cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \ |
| 99 | --iter-time 5000 --use-urandom -y luksFormat /dev/sdaX |
| 100 | ``` |
| 101 | |
| 102 | where `/dev/sdaX` is the partition you created in the last step |
| 103 | (e.g. `/dev/sda4`). For more information about the `cryptsetup` |
| 104 | options, see the [LUKS encryption options](https://wiki.archlinux.org/index.php/Dm-crypt/Device%5Fencryption#Encryption%5Foptions%5Ffor%5FLUKS%5Fmode). |
| 105 | |
| 106 | Then we open the container: |
| 107 | |
| 108 | ```bash |
| 109 | cryptsetup open --type luks /dev/sdaX lvm |
| 110 | ``` |
| 111 | |
| 112 | Now it's time to use lvm and prepare the logical volume(s): |
| 113 | |
| 114 | ```bash |
| 115 | pvcreate /dev/mapper/lvm |
| 116 | vgcreate vg /dev/mapper/lvm |
| 117 | lvcreate --extents +100%FREE -n root vg |
| 118 | ``` |
| 119 | |
| 120 | This will create a physical volume on the mapping we just opened, |
| 121 | create a volume group named `vg` on the physical volume, and create a |
| 122 | logical volume named `root` that spans the entire volume group. More |
| 123 | complex setups are possible thanks to the great flexibility of lvm. |
| 124 | |
| 125 | We now format the logical volume with `ext4`: |
| 126 | |
| 127 | ```bash |
| 128 | mkfs.ext4 /dev/mapper/vg-root |
| 129 | ``` |
| 130 | |
| 131 | |
| 132 | ## Installing the base system {#installing-the-base-system} |
| 133 | |
| 134 | Let's mount the logical volume, make a directory for the mount point |
| 135 | of the boot partition, and mount the boot partition (`/dev/sda1`): |
| 136 | |
| 137 | ```bash |
| 138 | mount /dev/mapper/vg-root /mnt |
| 139 | mkdir /mnt/boot |
| 140 | mount /dev/sda1 /mnt/boot |
| 141 | ``` |
| 142 | |
| 143 | Finally, let's install the base system (and optionally `base-devel`): |
| 144 | |
| 145 | ```bash |
| 146 | pacstrap /mnt base base-devel |
| 147 | ``` |
| 148 | |
| 149 | |
| 150 | ## Configuring the system {#configuring-the-system} |
| 151 | |
| 152 | Let's generate the fstab: |
| 153 | |
| 154 | ```bash |
| 155 | genfstab -U /mnt >> /mnt/etc/fstab |
| 156 | ``` |
| 157 | |
| 158 | Use your favorite terminal-based editor, edit the fstab file and add |
| 159 | the `discard` option for the root partition to enable TRIM on the SSD. |
| 160 | |
| 161 | Now we change root into our newly installed system and will configure |
| 162 | it. Adjust these according to your own setup. |
| 163 | |
| 164 | ```bash |
| 165 | arch-chroot /mnt /bin/bash |
| 166 | passwd # set the root password |
| 167 | echo myhostname > /etc/hostname # set the hostname |
| 168 | ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime # time zone |
| 169 | hwclock --systohc --utc # write system clock to hardware clock (UTC) |
| 170 | useradd -m -G wheel -s /bin/bash myuser # create myuser |
| 171 | passwd myuser # set the password for myuser |
| 172 | echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser |
| 173 | # uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen |
| 174 | locale-gen |
| 175 | echo LANG=en_US.UTF-8 > /etc/locale.conf |
| 176 | export LANG=en_US.UTF-8 |
| 177 | ``` |
| 178 | |
| 179 | Then adjust the initramfs hooks in `/etc/mkinitcpio.conf` and enable |
| 180 | the `encrypt` and `lvm2` hooks, and make sure `keyboard` is available |
| 181 | before `encrypt` so you can actually type in the LUKS password when |
| 182 | booting. Your `HOOKS` line should look similar to this: |
| 183 | |
| 184 | ```nil |
| 185 | HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck" |
| 186 | ``` |
| 187 | |
| 188 | After adjusting the hooks, build the initramfs: |
| 189 | |
| 190 | ```bash |
| 191 | mkinitcpio -p linux |
| 192 | ``` |
| 193 | |
| 194 | Now, install the `intel-ucode` package. We'll configure the bootloader |
| 195 | to enable intel microcode updates. |
| 196 | |
| 197 | ```bash |
| 198 | pacman -S intel-ucode |
| 199 | ``` |
| 200 | |
| 201 | Create the `/boot/loader/loader.conf` with the following content |
| 202 | (adjust the timeout to your liking): |
| 203 | |
| 204 | ```nil |
| 205 | default arch |
| 206 | timeout 3 |
| 207 | ``` |
| 208 | |
| 209 | Then create the entry for Arch: |
| 210 | |
| 211 | ```bash |
| 212 | mkdir -p /boot/loader/entries |
| 213 | touch /boot/loader/entries/arch.conf |
| 214 | ``` |
| 215 | |
| 216 | Now edit `/boot/loader/entries/arch.conf` to specify the Arch entry: |
| 217 | |
| 218 | ```nil |
| 219 | title Arch GNU/Linux |
| 220 | linux /vmlinuz-linux |
| 221 | initrd /intel-ucode.img |
| 222 | initrd /initramfs-linux.img |
| 223 | options cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw |
| 224 | ``` |
| 225 | |
| 226 | Again, `/dev/sdaX` is the partition you created in the [partitioning](#partitioning) |
| 227 | step as the underlying encrypted partition. |
| 228 | |
| 229 | Finally, install the bootloader, exit the chroot, umount and reboot! |
| 230 | |
| 231 | ```bash |
| 232 | bootctl install |
| 233 | exit |
| 234 | umount -R /mnt |
| 235 | reboot |
| 236 | ``` |
| 237 | |
| 238 | |
| 239 | ## Post-installation recommendations {#post-installation-recommendations} |
| 240 | |
| 241 | Congratulations! You now have a minimal Arch installation. |
| 242 | |
| 243 | At this point, I usually install my favorite AUR helper, [pacaur](https://aur.archlinux.org/packages/pacaur/), then |
| 244 | I install the [broadcom-wl-dkms](https://aur.archlinux.org/packages/broadcom-wl-dkms/) wireless driver and [mba6x\_bl-dkms](https://aur.archlinux.org/packages/mba6x%5Fbl-dkms/) |
| 245 | backlight driver to fix the post suspend/resume issue where three's no |
| 246 | brightness after waking up from suspend, and the only available |
| 247 | brightness would be 100%. |
| 248 | |
| 249 | ```bash |
| 250 | pacaur -S linux-headers dkms # linux-headers is required for dkms |
| 251 | pacaur -S broadcom-wl-dkms |
| 252 | pacaur -S mba6x_bl-dkms |
| 253 | ``` |
| 254 | |
| 255 | Then, I'd like to install |
| 256 | |
| 257 | - input, graphics, and sound drivers, |
| 258 | - a desktop environment (I prefer Xfce or LXQt), |
| 259 | - a display manager for login screen (lightdm or sddm), and |
| 260 | - a network manager (NetworkManager or ConnMan). |
| 261 | |
| 262 | Check out the [General recommendations](https://wiki.archlinux.org/index.php/General%5Frecommendations) for more details. |
| 263 | |
| 264 | |
| 265 | ## References {#references} |
| 266 | |
| 267 | Here are some resources I've come across each with lots of useful bits |
| 268 | and pieces, about installing Arch on a MacBook: |
| 269 | |
| 270 | - [pandeiro/arch-on-air](https://github.com/pandeiro/arch-on-air) |
| 271 | - [Arch Linux on MacBook Pro Retina 2014 with DM-Crypt, LVM and suspend to disk](https://loicpefferkorn.net/2015/01/arch-linux-on-macbook-pro-retina-2014-with-dm-crypt-lvm-and-suspend-to-disk/) |
| 272 | - [Installing Archlinux on Macbook Air 2013](http://frankshin.com/installing-archlinux-on-macbook-air-2013/) |
| 273 | - [Arch Linux Installation with OS X on Macbook Air (Dual Boot)](http://panks.me/posts/2013/06/arch-linux-installation-with-os-x-on-macbook-air-dual-boot/) |
| 274 | - [Installing (encrypted) Arch Linux on an Apple MacBook Pro](https://visual-assault.org/2016/03/05/install-encrypted-arch-linux-on-apple-macbook-pro/) |
| 275 | - [Installing Arch Linux on a MacBook Air 2013](http://alexeyzabelin.com/arch-on-mac) |
| 276 | - [Arch Linux running on my MacBook](https://medium.com/phils-thought-bubble-of-recent-stuff/arch-linux-running-on-my-macbook-2ea525ebefe3) |
| 277 | - [Dual boot Arch Linux on MacBook Pro Installation](http://codylittlewood.com/arch-linux-on-macbook-pro-installation/) |
| 278 | |
| 279 | [//]: # "Exported with love from a post written in Org mode" |
| 280 | [//]: # "- https://github.com/kaushalmodi/ox-hugo" |