This post summarizes how I install and dual-boot Arch GNU/Linux with Full-Disk Encryption alongside macOS. It is not meant to be a replacement for the Installation Guide or the former Beginner's Guide. Rather, it mostly serves as a small summary with a few useful notes about the gotchas.

So, make sure you understand what you type into your terminal. If you don't, checking out the Arch wiki should probably be your first step.

Note: you will need internet access throughout the installation and the MacBook Air's WiFi doesn't work out of the box on Arch. I recommend using an Ethernet-USB adapter or your phone's USB Tethering feature (if it does support it).

Shrinking the macOS partition

The first step I take is resizing the HFS+ macOS partition to make room for the new GNU/Linux installation. There are plenty of tutorials on how to do this using macOS's Disk Utility, so do that and then come back!

Creating a bootable Arch Installer USB

There are different ways of creating a bootable Arch USB, all documented on the USB flash installation media page on the Arch wiki, but the simplest one is using dd if you already have access to another UNIX system.

Warning: make sure you backup the data on your flash drive, as dd will irrevocably destroy all data on it.

Use lsblk to find the name (block device) of your USB drive, then run dd (as root) as shown below:

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

Replace /path/to/archlinux.iso with the path to the Arch image you have downloaded, and /dev/sdx with your drive.

Booting up from the USB

After creating the install USB, reboot your laptop and hold the alt key and boot from the USB.

When booting is complete and you're presented with the prompt, it's a good time to make sure you're connected to the internet (see the note at the top of this post).

Use ping to verify that you have established a connection:

ping archlinux.org

Updating the system clock

Once you're connected to the internet, make sure the system clock is accurate:

timedatectl set-ntp true  # start and enable systemd-timesyncd

You can check the service status using timedatectl status.

Partitioning

I won't dive into partitioning and instead, I will refer you to the Partitioning page of Arch wiki. Of the available partitioning tools, I personally prefer cfdisk.

Setting up LVM & LUKS

I use an LVM on LUKS setup, where I set up LVM on top of the encrypted partition.

First, let's set up the underlying encrypted partition:

cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
           --iter-time 5000 --use-urandom -y luksFormat /dev/sdaX

where /dev/sdaX is the partition you created in the last step (e.g. /dev/sda4). For more information about the cryptsetup options, see the LUKS encryption options.

Then we open the container:

cryptsetup open --type luks /dev/sdaX lvm

Now it's time to use lvm and prepare the logical volume(s):

pvcreate /dev/mapper/lvm vgcreate vg /dev/mapper/lvm
lvcreate --extents +100%FREE -n root vg

This will create a physical volume on the mapping we just opened, create a volume group named vg on the physical volume, and create a logical volume named root that spans the entire volume group. More complex setups are possible thanks to the great flexibility of lvm.

We now format the logical volume with ext4:

mkfs.ext4 /dev/mapper/vg-root

Installing the base system

Let's mount the logical volume, make a directory for the mount point of the boot partition, and mount the boot partition (/dev/sda1):

mount /dev/mapper/vg-root /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

Finally, let's install the base system (and optionally base-devel):

pacstrap /mnt base base-devel

Configuring the system

Let's generate the fstab:

genfstab -U /mnt >> /mnt/etc/fstab

Use your favorite terminal-based editor, edit the fstab file and add the discard option for the root partition to enable TRIM on the SSD.

Now we change root into our newly installed system and will configure it. Adjust these according to your own setup.

arch-chroot /mnt /bin/bash
passwd # set the root password
echo myhostname > /etc/hostname # set the hostname
ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime # time zone
hwclock --systohc --utc # write system clock to hardware clock (UTC)
useradd -m -G wheel -s /bin/bash myuser # create myuser
passwd myuser # set the password for myuser
echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser
# uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen
locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8

Then adjust the initramfs hooks in /etc/mkinitcpio.conf and enable the encrypt and lvm2 hooks, and make sure keyboard is available before encrypt so you can actually type in the LUKS password when booting. Your HOOKS line should look similar to this:

HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)

After adjusting the hooks, build the initramfs:

mkinitcpio -p linux

Create the /boot/loader/loader.conf with the following content (adjust the timeout to your liking):

default arch timeout 3

Then create the entry for Arch:

mkdir -p /boot/loader/entries
touch /boot/loader/entries/arch.conf

Now edit /boot/loader/entries/arch.conf to specify the Arch entry:

title Arch GNU/Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw

Again, /dev/sdaX is the partition you created in the partitioning step earlier as the underlying encrypted partition.

Finally, install the bootloader, exit the chroot, umount and reboot!

bootctl install
exit
umount -R /mnt
reboot

Post-installation recommendations

Congratulations! You now have a minimal Arch installation.

At this point, I usually install my favorite AUR helper, pacaur, then I install the mba6x_bl-dkms backlight driver to fix the post suspend/resume issue where there's no brightness after waking up from suspend, and the only available brightness would be 100%.

pacaur -S linux-headers dkms # linux-headers is required for dkms
pacaur -S broadcom-wl-dkms
pacaur -S mba6x_bl-dkms

Then, I'd like to install

Check out the General recommendations for more details.

References

Here are some resources I've come across each with lots of useful bits and pieces, about installing Arch on a MacBook: