X-Git-Url: https://git.shemshak.org/~bandali/bndl.org/blobdiff_plain/65641ab439f507b8cf0f24bca67b03fbcfbfa218..b307aaa9dfa368f039b2ea79efadfc217d3f3355:/source/2016/11/arch-macbook-air.org diff --git a/source/2016/11/arch-macbook-air.org b/source/2016/11/arch-macbook-air.org new file mode 100644 index 0000000..b808320 --- /dev/null +++ b/source/2016/11/arch-macbook-air.org @@ -0,0 +1,266 @@ +#+title: Arch Linux on MacBook Air 2013 +#+date: [2016-11-01 Tue] +#+options: ^:nil + +#+include: "../../macros.org" + +This post summarizes how I install and dual-boot Arch Linux with +Full-Disk Encryption alongside macOS. It is not meant to be a +replacement for the [[https://wiki.archlinux.org/index.php/installation_guide][Installation Guide]] or the former [[https://csdietz.github.io/arch-beginner-guide/][Beginner's Guide]]. +Rather, it mostly serves as a small summary with a few useful notes +about the gotchas. + +So, make sure you understand what you type into your terminal. If you +don't, checking out the Arch wiki should probably be your first step. + +/Note:/ you will need internet access throughout the installation and +the MacBook Air's WiFi doesn't work out of the box on Arch Linux. I +recommend using your phone's USB Tethering (if it does support it), or +using an Ethernet-USB adapter. + +* Shrinking the macOS partition + +The first step I take is resizing the HFS+ macOS partition to make +room for the new {{{abbr(GNU/Linux)}}} installation. There are plenty +of tutorials on how to do this using macOS's Disk Utility, so do that +and then come back! + +* Creating a bootable Arch Linux Installer USB + +There are different ways of creating a bootable Arch Linux USB, all +documented on the [[https://wiki.archlinux.org/index.php/USB_flash_installation_media][USB flash installation media]] page on the Arch wiki, +but the simplest one is using =dd= if you already have access to +another UNIX system. + +{{{span(red,Warning:)}}} make sure you backup the data on your flash +drive, as =dd= will irrevocably destroy all data on it. + +Use =lsblk= to find the name (block device) of your USB drive, then +run =dd= (as root) as shown below: + +#+begin_src bash +dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync +#+end_src + +Replace =/path/to/archlinux.iso= with the path to the Arch image you +have downloaded, and =/dev/sdx= with your drive. + +* Booting up from the USB + +After creating the install USB, reboot your laptop and hold the alt +key and boot into the USB. + +When booting is complete and you're presented with the prompt, it's a +good time to make sure you're connected to the internet (see the +/note/ at the top of this post). + +Use =ping= to verify that you've established a connection: + +#+begin_src bash +ping archlinux.org +#+end_src + +* Updating the system clock + +Once you're connected to the internet, make sure the system clock is +accurate: + +#+begin_src bash +timedatectl set-ntp true # start and enable systemd-timesyncd +#+end_src + +You can check the service status using =timedatectl status=. + +* Partitioning +:PROPERTIES: +:CUSTOM_ID: partitioning +:END: + +I won't dive into partitioning and instead, I'll refer you to the +[[https://wiki.archlinux.org/index.php/Partitioning][Partitioning]] page of Arch wiki. Of the available partitioning tools, I +personally prefer =cfdisk=. + +* Setting up LVM & LUKS + +I use a [[https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS][LVM on LUKS]] setup, where I set up LVM on top of the encrypted +partition. + +First, let's set up the underlying encrypted partition: + +#+begin_src bash +cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 \ + --iter-time 5000 --use-urandom -y luksFormat /dev/sdaX +#+end_src + +where =/dev/sdaX= is the partition you created in the last step +(e.g. =/dev/sda4=). For more information about the =cryptsetup= +options, see the [[https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode][LUKS encryption options]]. + +Then we open the container: + +#+begin_src bash +cryptsetup open --type luks /dev/sdaX lvm +#+end_src + +Now it's time to use lvm and prepare the logical volume(s): + +#+begin_src bash +pvcreate /dev/mapper/lvm +vgcreate vg /dev/mapper/lvm +lvcreate --extents +100%FREE -n root vg +#+end_src + +This will create a physical volume on the mapping we just opened, +create a volume group named =vg= on the physical volume, and create a +logical volume named =root= that spans the entire volume group. More +complex setups are possible thanks to the great flexibility of lvm. + +We now format the logical volume with =ext4=: + +#+begin_src bash +mkfs.ext4 /dev/mapper/vg-root +#+end_src + +* Installing the base system + +Let's mount the logical volume, make a directory for the mount point +of the boot partition, and mount the boot partition (=/dev/sda1=): + +#+begin_src bash +mount /dev/mapper/vg-root /mnt +mkdir /mnt/boot +mount /dev/sda1 /mnt/boot +#+end_src + +Finally, let's install the base system (and optionally =base-devel=): + +#+begin_src bash +pacstrap /mnt base base-devel +#+end_src + +* Configuring the system + +Let's generate the fstab: + +#+begin_src bash +genfstab -U /mnt >> /mnt/etc/fstab +#+end_src + +Use your favorite terminal-based editor, edit the fstab file and add +the =discard= option for the root partition to enable TRIM on the SSD. + +Now we change root into our newly installed system and will configure +it. Adjust these according to your own setup. + +#+begin_src bash +arch-chroot /mnt /bin/bash +passwd # set the root password +echo myhostname > /etc/hostname # set the hostname +ln -s /usr/share/zoneinfo/Canada/Eastern /etc/localtime # time zone +hwclock --systohc --utc # write system clock to hardware clock (UTC) +useradd -m -G wheel -s /bin/bash myuser # create myuser +passwd myuser # set the password for myuser +echo "myuser ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/myuser +# uncomment en_US.UTF-8 UTF-8 and other needed locales in /etc/locale.gen +locale-gen +echo LANG=en_US.UTF-8 > /etc/locale.conf +export LANG=en_US.UTF-8 +#+end_src + +Then adjust the initramfs hooks in =/etc/mkinitcpio.conf= and enable +the =encrypt= and =lvm2= hooks, and make sure =keyboard= is available +before =encrypt= so you can actually type in the LUKS password when +booting. Your =HOOKS= line should look similar to this: + +#+begin_src +HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck" +#+end_src + +After adjusting the hooks, build the initramfs: + +#+begin_src bash +mkinitcpio -p linux +#+end_src + +Now, install the =intel-ucode= package. We'll configure the bootloader +to enable intel microcode updates. + +#+begin_src bash +pacman -S intel-ucode +#+end_src + +Create the =/boot/loader/loader.conf= with the following content +(adjust the timeout to your liking): + +#+begin_src +default arch +timeout 3 +#+end_src + +Then create the entry for Arch: + +#+begin_src bash +mkdir -p /boot/loader/entries +touch /boot/loader/entries/arch.conf +#+end_src + +Now edit =/boot/loader/entries/arch.conf= to specify the Arch entry: + +#+begin_src +title Arch Linux +linux /vmlinuz-linux +initrd /intel-ucode.img +initrd /initramfs-linux.img +options cryptdevice=/dev/sdaX:vg:allow-discards root=/dev/mapper/vg-root rw +#+end_src + +Again, =/dev/sdaX= is the partition you created in the [[#partitioning][partitioning]] +step as the underlying encrypted partition. + +Finally, install the bootloader, exit the chroot, umount and reboot! + +#+begin_src bash +bootctl install +exit +umount -R /mnt +reboot +#+end_src + +* Post-installation recommendations + +Congratulations! You now have a minimal Arch installation. + +At this point, I usually install my favorite AUR helper, [[https://aur.archlinux.org/packages/pacaur/][pacaur]], then +I install the [[https://aur.archlinux.org/packages/broadcom-wl-dkms/][broadcom-wl-dkms]] wireless driver and [[https://aur.archlinux.org/packages/mba6x_bl-dkms/][mba6x_bl-dkms]] +backlight driver to fix the post suspend/resume issue where three's no +brightness after waking up from suspend, and the only available +brightness would be 100%. + +#+begin_src bash +pacaur -S linux-headers dkms # linux-headers is required for dkms +pacaur -S broadcom-wl-dkms +pacaur -S mba6x_bl-dkms +#+end_src + +Then, I'd like to install + +- input, graphics, and sound drivers, +- a desktop environment (I prefer Xfce or LXQt), +- a display manager for login screen (lightdm or sddm), and +- a network manager (NetworkManager or ConnMan). + +Check out the [[https://wiki.archlinux.org/index.php/General_recommendations][General recommendations]] for more details. + +* References + +Here are some resources I've come across each with lots of useful bits +and pieces, about installing Arch on a MacBook: + +- [[https://github.com/pandeiro/arch-on-air][pandeiro/arch-on-air]] +- [[https://loicpefferkorn.net/2015/01/arch-linux-on-macbook-pro-retina-2014-with-dm-crypt-lvm-and-suspend-to-disk/][Arch Linux on MacBook Pro Retina 2014 with DM-Crypt, LVM and suspend to disk]] +- [[http://frankshin.com/installing-archlinux-on-macbook-air-2013/][Installing Archlinux on Macbook Air 2013]] +- [[http://panks.me/posts/2013/06/arch-linux-installation-with-os-x-on-macbook-air-dual-boot/][Arch Linux Installation with OS X on Macbook Air (Dual Boot)]] +- [[https://visual-assault.org/2016/03/05/install-encrypted-arch-linux-on-apple-macbook-pro/][Installing (encrypted) Arch Linux on an Apple MacBook Pro]] +- [[http://alexeyzabelin.com/arch-on-mac][Installing Arch Linux on a MacBook Air 2013]] +- [[https://medium.com/phils-thought-bubble-of-recent-stuff/arch-linux-running-on-my-macbook-2ea525ebefe3][Arch Linux running on my MacBook]] +- [[http://codylittlewood.com/arch-linux-on-macbook-pro-installation/][Dual boot Arch Linux on MacBook Pro Installation]]