add /gpg and update /contact

[~bandali/bndl.org] / source / 2016 / 11 / arch-macbook-air.org

#+title: Arch Linux on MacBook Air 2013
#+date: [2016-11-01 Tue]
#+options: ^:nil

#+include: "../../macros.org"

This post summarizes how I install and dual-boot Arch Linux with
Full-Disk Encryption alongside macOS.  It is not meant to be a
replacement for the [[https://wiki.archlinux.org/index.php/installation_guide][Installation Guide]] or the former [[https://csdietz.github.io/arch-beginner-guide/][Beginner's Guide]].
Rather, it mostly serves as a small summary with a few useful notes
about the gotchas.

So, make sure you understand what you type into your terminal.  If you
don't, checking out the Arch wiki should probably be your first step.

/Note:/ you will need internet access throughout the installation and
the MacBook Air's WiFi doesn't work out of the box on Arch Linux.  I
recommend using your phone's USB Tethering (if it does support it), or
using an Ethernet-USB adapter.

* Shrinking the macOS partition

The first step I take is resizing the HFS+ macOS partition to make
room for the new {{{abbr(GNU/Linux)}}} installation.  There are plenty
of tutorials on how to do this using macOS's Disk Utility, so do that
and then come back!

* Creating a bootable Arch Linux Installer USB

There are different ways of creating a bootable Arch Linux USB, all
documented on the [[https://wiki.archlinux.org/index.php/USB_flash_installation_media][USB flash installation media]] page on the Arch wiki,
but the simplest one is using =dd= if you already have access to
another UNIX system.

{{{span(red,Warning:)}}} make sure you backup the data on your flash
drive, as =dd= will irrevocably destroy all data on it.

Use =lsblk= to find the name (block device) of your USB drive, then
run =dd= (as root) as shown below:

#+begin_src bash
dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
#+end_src

Replace =/path/to/archlinux.iso= with the path to the Arch image you
have downloaded, and =/dev/sdx= with your drive.

* Booting up from the USB

After creating the install USB, reboot your laptop and hold the alt
key and boot into the USB.

When booting is complete and you're presented with the prompt, it's a
good time to make sure you're connected to the internet (see the
/note/ at the top of this post).

Use =ping= to verify that you've established a connection:

#+begin_src bash
ping archlinux.org
#+end_src

* Updating the system clock

Once you're connected to the internet, make sure the system clock is
accurate:

#+begin_src bash
timedatectl set-ntp true  # start and enable systemd-timesyncd
#+end_src

You can check the service status using =timedatectl status=.

* Partitioning
:PROPERTIES:
:CUSTOM_ID: partitioning
:END:

I won't dive into partitioning and instead, I'll refer you to the
[[https://wiki.archlinux.org/index.php/Partitioning][Partitioning]] page of Arch wiki. Of the available partitioning tools, I
personally prefer =cfdisk=.

* Setting up LVM & LUKS

I use a [[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS][LVM on LUKS]] setup, where I set up LVM on top of the encrypted
partition.

First, let's set up the underlying encrypted partition:

#+begin_src bash
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
           --iter-time 5000 --use-urandom -y luksFormat /dev/sdaX
#+end_src

where =/dev/sdaX= is the partition you created in the last step
(e.g. =/dev/sda4=). For more information about the =cryptsetup=
options, see the [[https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode][LUKS encryption options]].

Then we open the container:

#+begin_src bash
cryptsetup open --type luks /dev/sdaX lvm
#+end_src

Now it's time to use lvm and prepare the logical volume(s):

#+begin_src bash
pvcreate /dev/mapper/lvm
vgcreate vg /dev/mapper/lvm
lvcreate --extents +100%FREE -n root vg
#+end_src

This will create a physical volume on the mapping we just opened,
create a volume group named =vg= on the physical volume, and create a
logical volume named =root= that spans the entire volume group. More
complex setups are possible thanks to the great flexibility of lvm.

We now format the logical volume with =ext4=:

#+begin_src bash
mkfs.ext4 /dev/mapper/vg-root
#+end_src

* Installing the base system

Let's mount the logical volume, make a directory for the mount point
of the boot partition, and mount the boot partition (=/dev/sda1=):

#+begin_src bash
mount /dev/mapper/vg-root /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
#+end_src

Finally, let's install the base system (and optionally =base-devel=):

#+begin_src bash
pacstrap /mnt base base-devel
#+end_src

* Configuring the system

Let's generate the fstab:

#+begin_src bash
genfstab -U /mnt >> /mnt/etc/fstab
#+end_src

Use your favorite terminal-based editor, edit the fstab file and add
the =discard= option for the root partition to enable TRIM on the SSD.

Now we change root into our newly installed system and will configure
it. Adjust these according to your own setup.

#+begin_src bash
arch-chroot /mnt /bin/bash
passwd  # set the root password
echo myhostname > /etc/hostname  # set the hostname
ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime  # time zone
hwclock --systohc --utc   # write system clock to hardware clock (UTC)
useradd -m -G wheel -s /bin/bash myuser  # create myuser
passwd myuser  # set the password for myuser
echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser
# uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen
locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8
#+end_src

Then adjust the initramfs hooks in =/etc/mkinitcpio.conf= and enable
the =encrypt= and =lvm2= hooks, and make sure =keyboard= is available
before =encrypt= so you can actually type in the LUKS password when
booting. Your =HOOKS= line should look similar to this:

#+begin_src
HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"
#+end_src

After adjusting the hooks, build the initramfs:

#+begin_src bash
mkinitcpio -p linux
#+end_src

Now, install the =intel-ucode= package. We'll configure the bootloader
to enable intel microcode updates.

#+begin_src bash
pacman -S intel-ucode
#+end_src

Create the =/boot/loader/loader.conf= with the following content
(adjust the timeout to your liking):

#+begin_src
default arch
timeout 3
#+end_src

Then create the entry for Arch:

#+begin_src bash
mkdir -p /boot/loader/entries
touch /boot/loader/entries/arch.conf
#+end_src

Now edit =/boot/loader/entries/arch.conf= to specify the Arch entry:

#+begin_src
title    Arch Linux
linux    /vmlinuz-linux
initrd   /intel-ucode.img
initrd   /initramfs-linux.img
options  cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw
#+end_src

Again, =/dev/sdaX= is the partition you created in the [[#partitioning][partitioning]]
step as the underlying encrypted partition.

Finally, install the bootloader, exit the chroot, umount and reboot!

#+begin_src bash
bootctl install
exit
umount -R /mnt
reboot
#+end_src

* Post-installation recommendations

Congratulations! You now have a minimal Arch installation.

At this point, I usually install my favorite AUR helper, [[https://aur.archlinux.org/packages/pacaur/][pacaur]], then
I install the [[https://aur.archlinux.org/packages/broadcom-wl-dkms/][broadcom-wl-dkms]] wireless driver and [[https://aur.archlinux.org/packages/mba6x_bl-dkms/][mba6x_bl-dkms]]
backlight driver to fix the post suspend/resume issue where three's no
brightness after waking up from suspend, and the only available
brightness would be 100%.

#+begin_src bash
pacaur -S linux-headers dkms  # linux-headers is required for dkms
pacaur -S broadcom-wl-dkms
pacaur -S mba6x_bl-dkms
#+end_src

Then, I'd like to install

- input, graphics, and sound drivers,
- a desktop environment (I prefer Xfce or LXQt),
- a display manager for login screen (lightdm or sddm), and
- a network manager (NetworkManager or ConnMan).

Check out the [[https://wiki.archlinux.org/index.php/General_recommendations][General recommendations]] for more details.

* References

Here are some resources I've come across each with lots of useful bits
and pieces, about installing Arch on a MacBook:

- [[https://github.com/pandeiro/arch-on-air][pandeiro/arch-on-air]]
- [[https://loicpefferkorn.net/2015/01/arch-linux-on-macbook-pro-retina-2014-with-dm-crypt-lvm-and-suspend-to-disk/][Arch Linux on MacBook Pro Retina 2014 with DM-Crypt, LVM and suspend to disk]]
- [[http://frankshin.com/installing-archlinux-on-macbook-air-2013/][Installing Archlinux on Macbook Air 2013]]
- [[http://panks.me/posts/2013/06/arch-linux-installation-with-os-x-on-macbook-air-dual-boot/][Arch Linux Installation with OS X on Macbook Air (Dual Boot)]]
- [[https://visual-assault.org/2016/03/05/install-encrypted-arch-linux-on-apple-macbook-pro/][Installing (encrypted) Arch Linux on an Apple MacBook Pro]]
- [[http://alexeyzabelin.com/arch-on-mac][Installing Arch Linux on a MacBook Air 2013]]
- [[https://medium.com/phils-thought-bubble-of-recent-stuff/arch-linux-running-on-my-macbook-2ea525ebefe3][Arch Linux running on my MacBook]]
- [[http://codylittlewood.com/arch-linux-on-macbook-pro-installation/][Dual boot Arch Linux on MacBook Pro Installation]]