Install Arch Linux on a Dell XPS 13 9310 with Disk Encryption

I am mostly just writing this down as a reference for my future self. I recently got a Dell XPS 13 9310 “developer edition” laptop, which came preinstalled with Ubuntu Focal. Since I know all the hardware is Linux compatible I installed Arch. The laptop ships with a NVME HDD and is configured for UEFI booting, so that’s what is represented here.

This is largely copied from this existing gist and most of the credit for figuring all of this out is due to Mohammad Javad Naderi.

Disable Secure Boot

Prepare a USB Flash Drive

Since we are booting it via UEFI, you want to extract the ISO image to an empty, FAT formatted flash drive. I did this from a different Linux laptop using 7z.

# 7z x archlinux-2021.01.01-x86_64.iso -o/path/to/FLASHDRIVE

You need to explicitly label the Flash drive with what the computer expects it to be named or it won’t boot. For the ISO referenced above, the correct label is ARCH_202101. On my system, this was done with the command

# sudo mlabel ::'ARCH_202101' -i '/dev/sda1'

You may need to use something other than /dev/sda1 depending on where the device shows up for you.

Boot the Flash Drive

Partition the Hard Drive

# cfdisk /dev/nvme0n1

First, delete all the existing partitions. Next create a new partition that is 512M in size. Change the type of this partition to EFI System which is the top choice on the Type menu. Next, create a second partition which is the rest of the size of the disk. Write the partition table to the desk and exit.

Format the Partitions

# mkfs.vfat -F32 /dev/nvme0n1p1

Next, we’ll set up our encrypted partition.

# cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/nvme0n1p2
# cryptsetup luksOpen /dev/nvme0n1p2 luks

You’ll be asked for a password after the first cryptsetup command. You must remember this password as you won't be able to boot into the system later without it. If you forget this password, all the data on the computer will be unrecoverable, so pick something good that you'll remember.

Now, we need to set up our logical volumes. I just use two, one for swap, and one for the filesystem.

# pvcreate /dev/mapper/luks
# vgcreate vg0 /dev/mapper/luks
# lvcreate --size 16G vg0 --name swap
# lvcreate -l +100%FREE vg0 --name arch

Finally, let’s put filesystems on the LVM partitions

# mkfs.ext4 /dev/mapper/vg0-arch
# mkswap /dev/mapper/vg0-swap

and mount them.

# mount /dev/mapper/vg0-arch /mnt
# mkdir /mnt/boot
# mount /dev/nvme0n1p1 /mnt/boot
# swapon /dev/mapper/vg0-swap

Get on the Network

# iwctl

to bring up the interactive [iwd] prompt. From the prompt, type

[iwd]# station wlan0 connect <ssid>

where <ssid> is your wireless network name. It will ask you for the password. There will be no success or failure indication when you do this. Next, type

[iwd]# exit

to get out of the interactive prompt. Check that you have network connectivity now with something like:

# ping -c 3

Assuming you can ping Google, you should be in good shape.

Install the System

# pacstrap -i /mnt base base-devel linux linux-firmware openssh git vim lvm2 efibootmgr

We’ll need to generate a fstab.

# genfstab -pU /mnt >> /mnt/etc/fstab

Now, let’s chroot into the system and set some things up that we’ll want.

# arch-chroot /mnt /bin/bash

Set the timezone and locale

# cd /etc
# ln -s /usr/share/zoneinfo/America/Los_Angeles localtime
# echo LANG=en_US.UTF-8 > /etc/locale.conf
# vim /etc/locale.gen

and uncomment en_US.UTF-8 UTF-8, then

# locale-gen

I picked the host name idril for my laptop, but insert whatever you choose.

# echo idril > /etc/hostname
# hostnamectl set-hostname idril
# echo " localhost" >> /etc/hosts
# echo "::1 localhost" >> /etc/hosts
# echo " idril" >> /etc/hosts

Create a user, my standard username is chl but insert whatever you choose here.

# useradd -m -g users -G wheel -s /bin/bash chl
# passwd chl

This will let you set the password for your user. Then do

# visudo

and uncomment

%wheel ALL=(ALL) ALL

to give your user sudo access. I also did

# passwd

to set a password for my root user.

Next on the list is to configure mkinitcpio with the modules it needs.

# cd /etc
# vim mkinitcpio.conf

You want to add ext4 to MODULES. Then, you want to add encrypt and lvm2 to HOOKS before filesystems. This is what just those two lines from that file look like on my system:

HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)

Don’t touch anything else in there. Then run:

# mkinitcpio -p linux

We’re getting pretty close to having the base system ready to go. The last thing we need is to install the bootloader grub and set it up.

# pacman -S grub
# grub-install --target=x86_64-efi --efi-directory=/boot --recheck

To configure grub, you'll edit a file:

# vim /etc/default/grub

and set GRUB_CMDLINE_LINUX as follows


and then run

# grub-mkconfig -o /boot/grub/grub.cfg

Note that if you are trying to boot multiple operating systems, you would run os-prober before the grub-mkconfig command listed above.

If grub-mkconfig completes successfully, then you should have the system installed. But, it's not very much fun to use at this point, so let's do a bit more work.

Install a Desktop Environment

# pacman -S mate mate-extra

will install the MATE desktop. We also need to install and set up a display manager.

# pacman -S lightdm lightdm-gtk-greeter
# systemctl enable lightdm

A desktop environment isn’t much use without X, so let’s do

# pacman -S xorg-server xf86-video-intel

We’ll also want our normal desktop networking setup:

# pacman -S networkmanager network-manager-applet bluetooth bluez
# systemctl enable networkmanager
# systemctl enable bluetooth

We need some extra firmware to make the sound card work correctly.

# pacman -S sof-firmware

And last, let’s make sure things look nice and legible.

# pacman -S noto-fonts ttf-dejavu ttf-liberation

Finish Up

# exit

then unmount things and shut down.

# umount -R /mnt
# swapoff -a
# poweroff

Now you should be able to remove the flash drive, power the computer on, and boot into Arch Linux. You’ll be asked to enter a password to unlock /dev/nvme0n1p2 and you'll use the password from the cryptsetup step earlier.


Originally published at Chris Lea.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store