--- /dev/null
+#+title: Arch Linux on MacBook Air 2013
+#+date: [2016-11-01 Tue]
+#+options: ^:nil
+
+#+include: "../../macros.org"
+
+This post summarizes how I install and dual-boot Arch Linux with
+Full-Disk Encryption alongside macOS. It is not meant to be a
+replacement for the [[https://wiki.archlinux.org/index.php/installation_guide][Installation Guide]] or the former [[https://csdietz.github.io/arch-beginner-guide/][Beginner's Guide]].
+Rather, it mostly serves as a small summary with a few useful notes
+about the gotchas.
+
+So, make sure you understand what you type into your terminal. If you
+don't, checking out the Arch wiki should probably be your first step.
+
+/Note:/ you will need internet access throughout the installation and
+the MacBook Air's WiFi doesn't work out of the box on Arch Linux. I
+recommend using your phone's USB Tethering (if it does support it), or
+using an Ethernet-USB adapter.
+
+* Shrinking the macOS partition
+
+The first step I take is resizing the HFS+ macOS partition to make
+room for the new {{{abbr(GNU/Linux)}}} installation. There are plenty
+of tutorials on how to do this using macOS's Disk Utility, so do that
+and then come back!
+
+* Creating a bootable Arch Linux Installer USB
+
+There are different ways of creating a bootable Arch Linux USB, all
+documented on the [[https://wiki.archlinux.org/index.php/USB_flash_installation_media][USB flash installation media]] page on the Arch wiki,
+but the simplest one is using =dd= if you already have access to
+another UNIX system.
+
+{{{span(red,Warning:)}}} make sure you backup the data on your flash
+drive, as =dd= will irrevocably destroy all data on it.
+
+Use =lsblk= to find the name (block device) of your USB drive, then
+run =dd= (as root) as shown below:
+
+#+begin_src bash
+dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
+#+end_src
+
+Replace =/path/to/archlinux.iso= with the path to the Arch image you
+have downloaded, and =/dev/sdx= with your drive.
+
+* Booting up from the USB
+
+After creating the install USB, reboot your laptop and hold the alt
+key and boot into the USB.
+
+When booting is complete and you're presented with the prompt, it's a
+good time to make sure you're connected to the internet (see the
+/note/ at the top of this post).
+
+Use =ping= to verify that you've established a connection:
+
+#+begin_src bash
+ping archlinux.org
+#+end_src
+
+* Updating the system clock
+
+Once you're connected to the internet, make sure the system clock is
+accurate:
+
+#+begin_src bash
+timedatectl set-ntp true # start and enable systemd-timesyncd
+#+end_src
+
+You can check the service status using =timedatectl status=.
+
+* Partitioning
+:PROPERTIES:
+:CUSTOM_ID: partitioning
+:END:
+
+I won't dive into partitioning and instead, I'll refer you to the
+[[https://wiki.archlinux.org/index.php/Partitioning][Partitioning]] page of Arch wiki. Of the available partitioning tools, I
+personally prefer =cfdisk=.
+
+* Setting up LVM & LUKS
+
+I use a [[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS][LVM on LUKS]] setup, where I set up LVM on top of the encrypted
+partition.
+
+First, let's set up the underlying encrypted partition:
+
+#+begin_src bash
+cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
+ --iter-time 5000 --use-urandom -y luksFormat /dev/sdaX
+#+end_src
+
+where =/dev/sdaX= is the partition you created in the last step
+(e.g. =/dev/sda4=). For more information about the =cryptsetup=
+options, see the [[https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode][LUKS encryption options]].
+
+Then we open the container:
+
+#+begin_src bash
+cryptsetup open --type luks /dev/sdaX lvm
+#+end_src
+
+Now it's time to use lvm and prepare the logical volume(s):
+
+#+begin_src bash
+pvcreate /dev/mapper/lvm
+vgcreate vg /dev/mapper/lvm
+lvcreate --extents +100%FREE -n root vg
+#+end_src
+
+This will create a physical volume on the mapping we just opened,
+create a volume group named =vg= on the physical volume, and create a
+logical volume named =root= that spans the entire volume group. More
+complex setups are possible thanks to the great flexibility of lvm.
+
+We now format the logical volume with =ext4=:
+
+#+begin_src bash
+mkfs.ext4 /dev/mapper/vg-root
+#+end_src
+
+* Installing the base system
+
+Let's mount the logical volume, make a directory for the mount point
+of the boot partition, and mount the boot partition (=/dev/sda1=):
+
+#+begin_src bash
+mount /dev/mapper/vg-root /mnt
+mkdir /mnt/boot
+mount /dev/sda1 /mnt/boot
+#+end_src
+
+Finally, let's install the base system (and optionally =base-devel=):
+
+#+begin_src bash
+pacstrap /mnt base base-devel
+#+end_src
+
+* Configuring the system
+
+Let's generate the fstab:
+
+#+begin_src bash
+genfstab -U /mnt >> /mnt/etc/fstab
+#+end_src
+
+Use your favorite terminal-based editor, edit the fstab file and add
+the =discard= option for the root partition to enable TRIM on the SSD.
+
+Now we change root into our newly installed system and will configure
+it. Adjust these according to your own setup.
+
+#+begin_src bash
+arch-chroot /mnt /bin/bash
+passwd # set the root password
+echo myhostname > /etc/hostname # set the hostname
+ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime # time zone
+hwclock --systohc --utc # write system clock to hardware clock (UTC)
+useradd -m -G wheel -s /bin/bash myuser # create myuser
+passwd myuser # set the password for myuser
+echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser
+# uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen
+locale-gen
+echo LANG=en_US.UTF-8 > /etc/locale.conf
+export LANG=en_US.UTF-8
+#+end_src
+
+Then adjust the initramfs hooks in =/etc/mkinitcpio.conf= and enable
+the =encrypt= and =lvm2= hooks, and make sure =keyboard= is available
+before =encrypt= so you can actually type in the LUKS password when
+booting. Your =HOOKS= line should look similar to this:
+
+#+begin_src
+HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"
+#+end_src
+
+After adjusting the hooks, build the initramfs:
+
+#+begin_src bash
+mkinitcpio -p linux
+#+end_src
+
+Now, install the =intel-ucode= package. We'll configure the bootloader
+to enable intel microcode updates.
+
+#+begin_src bash
+pacman -S intel-ucode
+#+end_src
+
+Create the =/boot/loader/loader.conf= with the following content
+(adjust the timeout to your liking):
+
+#+begin_src
+default arch
+timeout 3
+#+end_src
+
+Then create the entry for Arch:
+
+#+begin_src bash
+mkdir -p /boot/loader/entries
+touch /boot/loader/entries/arch.conf
+#+end_src
+
+Now edit =/boot/loader/entries/arch.conf= to specify the Arch entry:
+
+#+begin_src
+title Arch Linux
+linux /vmlinuz-linux
+initrd /intel-ucode.img
+initrd /initramfs-linux.img
+options cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw
+#+end_src
+
+Again, =/dev/sdaX= is the partition you created in the [[#partitioning][partitioning]]
+step as the underlying encrypted partition.
+
+Finally, install the bootloader, exit the chroot, umount and reboot!
+
+#+begin_src bash
+bootctl install
+exit
+umount -R /mnt
+reboot
+#+end_src
+
+* Post-installation recommendations
+
+Congratulations! You now have a minimal Arch installation.
+
+At this point, I usually install my favorite AUR helper, [[https://aur.archlinux.org/packages/pacaur/][pacaur]], then
+I install the [[https://aur.archlinux.org/packages/broadcom-wl-dkms/][broadcom-wl-dkms]] wireless driver and [[https://aur.archlinux.org/packages/mba6x_bl-dkms/][mba6x_bl-dkms]]
+backlight driver to fix the post suspend/resume issue where three's no
+brightness after waking up from suspend, and the only available
+brightness would be 100%.
+
+#+begin_src bash
+pacaur -S linux-headers dkms # linux-headers is required for dkms
+pacaur -S broadcom-wl-dkms
+pacaur -S mba6x_bl-dkms
+#+end_src
+
+Then, I'd like to install
+
+- input, graphics, and sound drivers,
+- a desktop environment (I prefer Xfce or LXQt),
+- a display manager for login screen (lightdm or sddm), and
+- a network manager (NetworkManager or ConnMan).
+
+Check out the [[https://wiki.archlinux.org/index.php/General_recommendations][General recommendations]] for more details.
+
+* References
+
+Here are some resources I've come across each with lots of useful bits
+and pieces, about installing Arch on a MacBook:
+
+- [[https://github.com/pandeiro/arch-on-air][pandeiro/arch-on-air]]
+- [[https://loicpefferkorn.net/2015/01/arch-linux-on-macbook-pro-retina-2014-with-dm-crypt-lvm-and-suspend-to-disk/][Arch Linux on MacBook Pro Retina 2014 with DM-Crypt, LVM and suspend to disk]]
+- [[http://frankshin.com/installing-archlinux-on-macbook-air-2013/][Installing Archlinux on Macbook Air 2013]]
+- [[http://panks.me/posts/2013/06/arch-linux-installation-with-os-x-on-macbook-air-dual-boot/][Arch Linux Installation with OS X on Macbook Air (Dual Boot)]]
+- [[https://visual-assault.org/2016/03/05/install-encrypted-arch-linux-on-apple-macbook-pro/][Installing (encrypted) Arch Linux on an Apple MacBook Pro]]
+- [[http://alexeyzabelin.com/arch-on-mac][Installing Arch Linux on a MacBook Air 2013]]
+- [[https://medium.com/phils-thought-bubble-of-recent-stuff/arch-linux-running-on-my-macbook-2ea525ebefe3][Arch Linux running on my MacBook]]
+- [[http://codylittlewood.com/arch-linux-on-macbook-pro-installation/][Dual boot Arch Linux on MacBook Pro Installation]]
projects / ~bandali / bndl.org / blobdiff