Install Arch Linux on a Dell XPS 13 9310 with Disk Encryption
I am mostly just writing this down as a reference for my future self. I recently got a Dell XPS 13 9310 “developer edition” laptop, which came preinstalled with Ubuntu Focal. Since I know all the hardware is Linux compatible I installed Arch. The laptop ships with a NVME HDD and is configured for UEFI booting, so that’s what is represented here.
This is largely copied from this existing gist and most of the credit for figuring all of this out is due to Mohammad Javad Naderi.
Disable Secure Boot
My laptop came with secure boot turned on, but this won’t work with Arch. Boot the laptop while hitting the F2
key until it shows that you're going into the BIOS setup. Once you're in there, find the area for secure boot, turn it off, hit the button to apply changes, and finally hit OK to exit.
Prepare a USB Flash Drive
Download an ISO image from the download site.
Since we are booting it via UEFI, you want to extract the ISO image to an empty, FAT formatted flash drive. I did this from a different Linux laptop using 7z.
# 7z x archlinux-2021.01.01-x86_64.iso -o/path/to/FLASHDRIVE
You need to explicitly label the Flash drive with what the computer expects it to be named or it won’t boot. For the ISO referenced above, the correct label is ARCH_202101
. On my system, this was done with the command
# sudo mlabel ::'ARCH_202101' -i '/dev/sda1'
You may need to use something other than /dev/sda1
depending on where the device shows up for you.
Boot the Flash Drive
Put the flash drive in and boot the computer. Keep hitting the F12
key and it should bring up a boot menu where you can select the flash drive as the medium to boot from. You should see a menu where you can choose to install Arch.
Partition the Hard Drive
We’ll make two partitions, one to boot from and the other to hold the rest of the filesystem. I like to use cfdisk
as I find it to be the easiest for this sort of thing.
# cfdisk /dev/nvme0n1
First, delete all the existing partitions. Next create a new partition that is 512M in size. Change the type of this partition to EFI System
which is the top choice on the Type
menu. Next, create a second partition which is the rest of the size of the disk. Write the partition table to the desk and exit.
Format the Partitions
I think the boot partition should already be formatted at this point, but no harm in making sure.
# mkfs.vfat -F32 /dev/nvme0n1p1
Next, we’ll set up our encrypted partition.
# cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/nvme0n1p2
# cryptsetup luksOpen /dev/nvme0n1p2 luks
You’ll be asked for a password after the first cryptsetup
command. You must remember this password as you won't be able to boot into the system later without it. If you forget this password, all the data on the computer will be unrecoverable, so pick something good that you'll remember.
Now, we need to set up our logical volumes. I just use two, one for swap, and one for the filesystem.
# pvcreate /dev/mapper/luks
# vgcreate vg0 /dev/mapper/luks
# lvcreate --size 16G vg0 --name swap
# lvcreate -l +100%FREE vg0 --name arch
Finally, let’s put filesystems on the LVM partitions
# mkfs.ext4 /dev/mapper/vg0-arch
# mkswap /dev/mapper/vg0-swap
and mount them.
# mount /dev/mapper/vg0-arch /mnt
# mkdir /mnt/boot
# mount /dev/nvme0n1p1 /mnt/boot
# swapon /dev/mapper/vg0-swap
Get on the Network
You’ll need to be connected to a network to download everything for the installation. This is now accomplished from the installer with the iwctl
command. First, type
# iwctl
to bring up the interactive [iwd]
prompt. From the prompt, type
[iwd]# station wlan0 connect <ssid>
where <ssid>
is your wireless network name. It will ask you for the password. There will be no success or failure indication when you do this. Next, type
[iwd]# exit
to get out of the interactive prompt. Check that you have network connectivity now with something like:
# ping -c 3 google.com
Assuming you can ping Google, you should be in good shape.
Install the System
We’re ready to start installing the system.
# pacstrap -i /mnt base base-devel linux linux-firmware openssh git vim lvm2 efibootmgr
We’ll need to generate a fstab
.
# genfstab -pU /mnt >> /mnt/etc/fstab
Now, let’s chroot into the system and set some things up that we’ll want.
# arch-chroot /mnt /bin/bash
Set the timezone and locale
# cd /etc
# ln -s /usr/share/zoneinfo/America/Los_Angeles localtime
# echo LANG=en_US.UTF-8 > /etc/locale.conf
# vim /etc/locale.gen
and uncomment en_US.UTF-8 UTF-8
, then
# locale-gen
I picked the host name idril
for my laptop, but insert whatever you choose.
# echo idril > /etc/hostname
# hostnamectl set-hostname idril
# echo "127.0.0.1 localhost" >> /etc/hosts
# echo "::1 localhost" >> /etc/hosts
# echo "127.0.1.1 idril" >> /etc/hosts
Create a user, my standard username is chl
but insert whatever you choose here.
# useradd -m -g users -G wheel -s /bin/bash chl
# passwd chl
This will let you set the password for your user. Then do
# visudo
and uncomment
%wheel ALL=(ALL) ALL
to give your user sudo
access. I also did
# passwd
to set a password for my root
user.
Next on the list is to configure mkinitcpio
with the modules it needs.
# cd /etc
# vim mkinitcpio.conf
You want to add ext4
to MODULES
. Then, you want to add encrypt
and lvm2
to HOOKS before filesystems
. This is what just those two lines from that file look like on my system:
MODULES=(ext4)
HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)
Don’t touch anything else in there. Then run:
# mkinitcpio -p linux
We’re getting pretty close to having the base system ready to go. The last thing we need is to install the bootloader grub
and set it up.
# pacman -S grub
# grub-install --target=x86_64-efi --efi-directory=/boot --recheck
To configure grub
, you'll edit a file:
# vim /etc/default/grub
and set GRUB_CMDLINE_LINUX
as follows
GRUB_CMDLINE_LINUX="cryptdevice=/dev/nvme0n1p2:luks:allow-discards"
and then run
# grub-mkconfig -o /boot/grub/grub.cfg
Note that if you are trying to boot multiple operating systems, you would run os-prober
before the grub-mkconfig
command listed above.
If grub-mkconfig
completes successfully, then you should have the system installed. But, it's not very much fun to use at this point, so let's do a bit more work.
Install a Desktop Environment
I am roughly 9000 years old now, so I like old school things like the simplicity of the MATE Desktop Environment.
# pacman -S mate mate-extra
will install the MATE desktop. We also need to install and set up a display manager.
# pacman -S lightdm lightdm-gtk-greeter
# systemctl enable lightdm
A desktop environment isn’t much use without X, so let’s do
# pacman -S xorg-server xf86-video-intel
We’ll also want our normal desktop networking setup:
# pacman -S networkmanager network-manager-applet bluetooth bluez
# systemctl enable networkmanager
# systemctl enable bluetooth
We need some extra firmware to make the sound card work correctly.
# pacman -S sof-firmware
And last, let’s make sure things look nice and legible.
# pacman -S noto-fonts ttf-dejavu ttf-liberation
Finish Up
Exit out of the chroot
# exit
then unmount things and shut down.
# umount -R /mnt
# swapoff -a
# poweroff
Now you should be able to remove the flash drive, power the computer on, and boot into Arch Linux. You’ll be asked to enter a password to unlock /dev/nvme0n1p2
and you'll use the password from the cryptsetup
step earlier.
Enjoy!
Originally published at Chris Lea.