This post summarizes how I install and dual-boot Arch GNU/Linux with Full-Disk Encryption alongside macOS. It is not meant to be a replacement for the Installation Guide or the former Beginner's Guide. Rather, it mostly serves as a small summary with a few useful notes about the gotchas.
So, make sure you understand what you type into your terminal. If you don't, checking out the Arch wiki should probably be your first step.
Note: you will need internet access throughout the installation and the MacBook Air's WiFi doesn't work out of the box on Arch. I recommend using an Ethernet-USB adapter or your phone's USB Tethering feature (if it does support it).
The first step I take is resizing the HFS+ macOS partition to make room for the new GNU/Linux installation. There are plenty of tutorials on how to do this using macOS's Disk Utility, so do that and then come back!
There are different ways of creating a bootable Arch USB, all
documented on the
USB
flash installation media page on the Arch wiki, but the simplest
one is using dd if you already have access to another
UNIX system.
Warning: make sure you backup the
data on your flash drive, as dd will irrevocably destroy
all data on it.
Use lsblk to find the name (block device) of your USB drive, then
run dd (as root) as shown below:
dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
Replace /path/to/archlinux.iso with the path to the
Arch image you have downloaded, and /dev/sdx with your
drive.
After creating the install USB, reboot your laptop and hold the alt key and boot from the USB.
When booting is complete and you're presented with the prompt, it's a good time to make sure you're connected to the internet (see the note at the top of this post).
Use ping to verify that you have established a
connection:
ping archlinux.org
Once you're connected to the internet, make sure the system clock is accurate:
timedatectl set-ntp true # start and enable systemd-timesyncd
You can check the service status using timedatectl
status.
I won't dive into partitioning and instead, I will refer you to the
Partitioning
page of Arch wiki. Of the available partitioning tools, I personally
prefer cfdisk.
I use an LVM on LUKS setup, where I set up LVM on top of the encrypted partition.
First, let's set up the underlying encrypted partition:
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
--iter-time 5000 --use-urandom -y luksFormat /dev/sdaX
where /dev/sdaX is the partition you created in the
last step (e.g. /dev/sda4). For more information about
the cryptsetup options, see the
LUKS
encryption options.
Then we open the container:
cryptsetup open --type luks /dev/sdaX lvm
Now it's time to use lvm and prepare the logical volume(s):
pvcreate /dev/mapper/lvm vgcreate vg /dev/mapper/lvm lvcreate --extents +100%FREE -n root vg
This will create a physical volume on the mapping we just opened,
create a volume group named vg on the physical volume,
and create a logical volume named root that spans the
entire volume group. More complex setups are possible thanks to the
great flexibility of lvm.
We now format the logical volume with ext4:
mkfs.ext4 /dev/mapper/vg-root
Let's mount the logical volume, make a directory for the mount
point of the boot partition, and mount the boot partition
(/dev/sda1):
mount /dev/mapper/vg-root /mnt mkdir /mnt/boot mount /dev/sda1 /mnt/boot
Finally, let's install the base system (and optionally
base-devel):
pacstrap /mnt base base-devel
Let's generate the fstab:
genfstab -U /mnt >> /mnt/etc/fstab
Use your favorite terminal-based editor, edit the fstab file and
add the discard option for the root partition to enable
TRIM on the SSD.
Now we change root into our newly installed system and will configure it. Adjust these according to your own setup.
arch-chroot /mnt /bin/bash passwd # set the root password echo myhostname > /etc/hostname # set the hostname ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime # time zone hwclock --systohc --utc # write system clock to hardware clock (UTC) useradd -m -G wheel -s /bin/bash myuser # create myuser passwd myuser # set the password for myuser echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser # uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen locale-gen echo LANG=en_US.UTF-8 > /etc/locale.conf export LANG=en_US.UTF-8
Then adjust the initramfs hooks in
/etc/mkinitcpio.conf and enable the
encrypt and lvm2 hooks, and make sure
keyboard is available before encrypt so you
can actually type in the LUKS password when booting. Your
HOOKS line should look similar to this:
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
After adjusting the hooks, build the initramfs:
mkinitcpio -p linux
Create the /boot/loader/loader.conf with the following
content (adjust the timeout to your liking):
default arch timeout 3
Then create the entry for Arch:
mkdir -p /boot/loader/entries touch /boot/loader/entries/arch.conf
Now edit /boot/loader/entries/arch.conf to specify the
Arch entry:
title Arch GNU/Linux linux /vmlinuz-linux initrd /intel-ucode.img initrd /initramfs-linux.img options cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw
Again, /dev/sdaX is the partition you created in the
partitioning step earlier as the underlying encrypted partition.
Finally, install the bootloader, exit the chroot, umount and reboot!
bootctl install exit umount -R /mnt reboot
Congratulations! You now have a minimal Arch installation.
At this point, I usually install my favorite AUR helper, pacaur, then I install the mba6x_bl-dkms backlight driver to fix the post suspend/resume issue where there's no brightness after waking up from suspend, and the only available brightness would be 100%.
pacaur -S linux-headers dkms # linux-headers is required for dkms pacaur -S broadcom-wl-dkms pacaur -S mba6x_bl-dkms
Then, I'd like to install
Check out the General recommendations for more details.
Here are some resources I've come across each with lots of useful bits and pieces, about installing Arch on a MacBook: