Install Arch Linux on a Dell XPS 13 9310 with Disk Encryption
I am mostly just writing this down as a reference for my future self. I recently got a Dell XPS 13 9310 “developer edition” laptop, which came preinstalled with Ubuntu Focal. Since I know all the hardware is Linux compatible I installed Arch. The laptop ships with a NVME HDD and is configured for UEFI booting, so that’s what is represented here.
Disable Secure Boot
My laptop came with secure boot turned on, but this won’t work with Arch. Boot the laptop while hitting the
F2 key until it shows that you're going into the BIOS setup. Once you're in there, find the area for secure boot, turn it off, hit the button to apply changes, and finally hit OK to exit.
Prepare a USB Flash Drive
Download an ISO image from the download site.
Since we are booting it via UEFI, you want to extract the ISO image to an empty, FAT formatted flash drive. I did this from a different Linux laptop using 7z.
# 7z x archlinux-2021.01.01-x86_64.iso -o/path/to/FLASHDRIVE
You need to explicitly label the Flash drive with what the computer expects it to be named or it won’t boot. For the ISO referenced above, the correct label is
ARCH_202101. On my system, this was done with the command
# sudo mlabel ::'ARCH_202101' -i '/dev/sda1'
You may need to use something other than
/dev/sda1 depending on where the device shows up for you.
Boot the Flash Drive
Put the flash drive in and boot the computer. Keep hitting the
F12 key and it should bring up a boot menu where you can select the flash drive as the medium to boot from. You should see a menu where you can choose to install Arch.
Partition the Hard Drive
We’ll make two partitions, one to boot from and the other to hold the rest of the filesystem. I like to use
cfdisk as I find it to be the easiest for this sort of thing.
# cfdisk /dev/nvme0n1
First, delete all the existing partitions. Next create a new partition that is 512M in size. Change the type of this partition to
EFI System which is the top choice on the
Type menu. Next, create a second partition which is the rest of the size of the disk. Write the partition table to the desk and exit.
Format the Partitions
I think the boot partition should already be formatted at this point, but no harm in making sure.
# mkfs.vfat -F32 /dev/nvme0n1p1
Next, we’ll set up our encrypted partition.
# cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/nvme0n1p2
# cryptsetup luksOpen /dev/nvme0n1p2 luks
You’ll be asked for a password after the first
cryptsetup command. You must remember this password as you won't be able to boot into the system later without it. If you forget this password, all the data on the computer will be unrecoverable, so pick something good that you'll remember.
Now, we need to set up our logical volumes. I just use two, one for swap, and one for the filesystem.
# pvcreate /dev/mapper/luks
# vgcreate vg0 /dev/mapper/luks
# lvcreate --size 16G vg0 --name swap
# lvcreate -l +100%FREE vg0 --name arch
Finally, let’s put filesystems on the LVM partitions
# mkfs.ext4 /dev/mapper/vg0-arch
# mkswap /dev/mapper/vg0-swap
and mount them.
# mount /dev/mapper/vg0-arch /mnt
# mkdir /mnt/boot
# mount /dev/nvme0n1p1 /mnt/boot
# swapon /dev/mapper/vg0-swap
Get on the Network
You’ll need to be connected to a network to download everything for the installation. This is now accomplished from the installer with the
iwctl command. First, type
to bring up the interactive
[iwd] prompt. From the prompt, type
[iwd]# station wlan0 connect <ssid>
<ssid> is your wireless network name. It will ask you for the password. There will be no success or failure indication when you do this. Next, type
to get out of the interactive prompt. Check that you have network connectivity now with something like:
# ping -c 3 google.com
Assuming you can ping Google, you should be in good shape.
Install the System
We’re ready to start installing the system.
# pacstrap -i /mnt base base-devel linux linux-firmware openssh git vim lvm2 efibootmgr
We’ll need to generate a
# genfstab -pU /mnt >> /mnt/etc/fstab
Now, let’s chroot into the system and set some things up that we’ll want.
# arch-chroot /mnt /bin/bash
Set the timezone and locale
# cd /etc
# ln -s /usr/share/zoneinfo/America/Los_Angeles localtime
# echo LANG=en_US.UTF-8 > /etc/locale.conf
# vim /etc/locale.gen
en_US.UTF-8 UTF-8, then
I picked the host name
idril for my laptop, but insert whatever you choose.
# echo idril > /etc/hostname
# hostnamectl set-hostname idril
# echo "127.0.0.1 localhost" >> /etc/hosts
# echo "::1 localhost" >> /etc/hosts
# echo "127.0.1.1 idril" >> /etc/hosts
Create a user, my standard username is
chl but insert whatever you choose here.
# useradd -m -g users -G wheel -s /bin/bash chl
# passwd chl
This will let you set the password for your user. Then do
%wheel ALL=(ALL) ALL
to give your user
sudo access. I also did
to set a password for my
Next on the list is to configure
mkinitcpio with the modules it needs.
# cd /etc
# vim mkinitcpio.conf
You want to add
MODULES. Then, you want to add
lvm2 to HOOKS before
filesystems. This is what just those two lines from that file look like on my system:
HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)
Don’t touch anything else in there. Then run:
# mkinitcpio -p linux
We’re getting pretty close to having the base system ready to go. The last thing we need is to install the bootloader
grub and set it up.
# pacman -S grub
# grub-install --target=x86_64-efi --efi-directory=/boot --recheck
grub, you'll edit a file:
# vim /etc/default/grub
GRUB_CMDLINE_LINUX as follows
and then run
# grub-mkconfig -o /boot/grub/grub.cfg
Note that if you are trying to boot multiple operating systems, you would run
os-prober before the
grub-mkconfig command listed above.
grub-mkconfig completes successfully, then you should have the system installed. But, it's not very much fun to use at this point, so let's do a bit more work.
Install a Desktop Environment
I am roughly 9000 years old now, so I like old school things like the simplicity of the MATE Desktop Environment.
# pacman -S mate mate-extra
will install the MATE desktop. We also need to install and set up a display manager.
# pacman -S lightdm lightdm-gtk-greeter
# systemctl enable lightdm
A desktop environment isn’t much use without X, so let’s do
# pacman -S xorg-server xf86-video-intel
We’ll also want our normal desktop networking setup:
# pacman -S networkmanager network-manager-applet bluetooth bluez
# systemctl enable networkmanager
# systemctl enable bluetooth
We need some extra firmware to make the sound card work correctly.
# pacman -S sof-firmware
And last, let’s make sure things look nice and legible.
# pacman -S noto-fonts ttf-dejavu ttf-liberation
Exit out of the chroot
then unmount things and shut down.
# umount -R /mnt
# swapoff -a
Now you should be able to remove the flash drive, power the computer on, and boot into Arch Linux. You’ll be asked to enter a password to unlock
/dev/nvme0n1p2 and you'll use the password from the
cryptsetup step earlier.
Originally published at Chris Lea.