Goal: to have Arch Linux installed alongside Windows with Bitlocker and SecureBoot.
- Regular x86_64 PC (not ARM or other architecture)
- Free space on your drive
- Arch installation image flashed to any removable drive
- Bitlocker recovery codes are known to you
- Should be done last - SecureBoot is put into setup mode in UEFI
You'll need an Internet connection to install packages.
iwctl
device list
device %your_device% set-property Powered on # just in case - may not be needed
station %your_device% scan
station %your_device% get-networks
station %your_device% connect %network_SSID%
nano /etc/iwd/main.conf #
[General] # just in case - may not be needed
EnableNetworkConfiguration = true #
ping 8.8.8.8
You have to partition the free space on the drive. The minimum is two partitions: one of Linux type for the root filesystem and one for swap. The EFI partition already exists in our case.
lsblk # to see your drives
cfdisk /dev/%your_drive% # set up as many as you want
mkfs.ext4 /dev/%your_partition% # for each Linux partition, also other file systems may be used
mkswap /dev/%your_swap%
All newly created partitions have to be mounted. You can find your EFI partition with lsblk -f.
mount /dev/%your_root_partition% /mnt
mkdir -p /mnt/boot/efi
mount /dev/%your_efi_partition% /mnt/boot/efi
mkdir /mnt/home # if /home partition is used
mount /dev/%your_home_partition% /mnt/home #
swapon /dev/%your_swap_partition%
This is the basic collection of packages for a desktop installation that will enable you to run the system, log into it, and perform other steps within.
pacstrap /mnt base linux linux-firmware sof-firmware base-devel grub efibootmgr nano networkmanager os-prober sbctl bluedevil bash-completion
The fstab config can be generated automatically for you. It's still a good idea to check that its output is correct.
genfstab /mnt > /mnt/etc/fstab
This is the point where you will simulate running your new operating system without actually booting into it.
arch-chroot /mnt
The default timezone is UTC+0, so you have to change it. It will be set system-wide, but it can be overridden within desktop environments later.
ln -sf /usr/share/zoneinfo/%continent%/%city% /etc/localtime
hwclock --systohc
Figure out which locale you're going to use. You may want a combination of different locales for different things - for example, American English as the language, but the metric system and a 24-hour time format. Generating them now prepares for the later steps with desktop environments - system-wide you only need the LANG locale set.
nano /etc/locale.gen # uncomment locales you wish to use
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf # put system locale there
Pick a hostname.
echo "your_hostname" > /etc/hostname
Set the root password - by default it is not set yet.
passwd
Create your user with a home folder, a bash session, and sudo membership. Arch follows the old convention of calling the sudo group wheel. The user's password is also not set by default.
useradd -m -G wheel -s /bin/bash %your_user%
passwd %your_user%
By default the sudo group (wheel) is not enabled. You have to find the line with it in the config and uncomment it.
EDITOR=nano visudo # uncomment the line with %wheel group
Enable NetworkManager to run at startup.
systemctl enable NetworkManager
Your bootloader will be GRUB. Enable os-prober to detect your Windows installation, and then install GRUB with TPM support for SecureBoot.
nano /etc/default/grub
GRUB_DISABLE_OS_PROBER=false # set OS prober to be enabled
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="tpm" --disable-shim-lock
grub-mkconfig -o /boot/grub/grub.cfg
sbctl is there to help you keep all needed files signed with your keys. These keys are enrolled into SecureBoot since we put it into setup mode.
sbctl create-keys
sbctl enroll-keys -m # adds your keys and Microsoft keys
sbctl sign -s /boot/efi/EFI/GRUB/grubx64.efi
sbctl sign -s /usr/lib/systemd/boot/efi/systemd-bootx64.efi # just in case - may not be needed
sbctl sign -s /boot/efi/EFI/Boot/fbx64.efi
sbctl sign -s /boot/efi/EFI/Boot/mmx64.efi
sbctl sign -s /boot/efi/EFI/Boot/bootx64.efi
sbctl sign -s /boot/vmlinuz-linux
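After signing, it is worth confirming that each binary actually carries a signature. The script below is an added example, not part of the original guide: it reads the PE/COFF header of an EFI binary (or EFI-stub kernel) and reports whether its Certificate Table is non-empty; this is a presence check only, sbctl verify remains the tool for checking against your enrolled keys, and the stub file it builds is a constructed sample.

```shell
#!/bin/sh
# Added example: does a PE/COFF image (EFI binary, EFI-stub kernel) carry an
# Authenticode certificate table? Presence check only, no trust validation.

# Print the little-endian unsigned integer stored in NBYTES bytes at OFFSET.
le_uint() {  # file offset nbytes
    od -An -v -tu1 -j "$2" -N "$3" "$1" |
        awk '{ for (i = NF; i >= 1; i--) v = v * 256 + $i } END { print v + 0 }'
}

# Exit status: 0 = certificate table present, 1 = absent, 2 = not a PE image.
has_cert_table() {
    [ "$(le_uint "$1" 0 2)" -eq 23117 ] || return 2       # "MZ" (0x5a4d)
    pe=$(le_uint "$1" 60 4)                               # e_lfanew
    [ "$(le_uint "$1" "$pe" 4)" -eq 17744 ] || return 2   # "PE\0\0" (0x4550)
    opt=$((pe + 24))                                      # optional header
    case $(le_uint "$1" "$opt" 2) in
        267) dirs=$((opt + 96)) ;;                        # 0x10b, PE32
        523) dirs=$((opt + 112)) ;;                       # 0x20b, PE32+
        *) return 2 ;;
    esac
    # Data directory 4 is the Certificate Table: 4-byte offset, 4-byte size.
    [ "$(le_uint "$1" $((dirs + 36)) 4)" -gt 0 ]
}

# Write BYTES (a printf escape string) into FILE at OFFSET without truncating.
poke() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# Constructed 512-byte PE32+ header stub, not a bootable image: only the
# fields read above are filled in. $2 is the certificate table size (0-255).
make_stub() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    poke "$1" 0 'MZ';   poke "$1" 60 '\200'          # e_lfanew = 0x80
    poke "$1" 128 'PE'; poke "$1" 152 '\013\002'     # magic 0x20b
    poke "$1" 300 "$(printf '\\%03o' "$2")"          # 152 + 112 + 36
}

stub=$(mktemp)
make_stub "$stub" 8
has_cert_table "$stub" && echo "certificate table present"
make_stub "$stub" 0
has_cert_table "$stub" || echo "no certificate table"
rm -f "$stub"
```

On the installed system, call has_cert_table with the path of each file signed above instead of the stub.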
It's time to exit chroot, unmount everything, and try our new OS.
exit
umount -a
reboot
Make sure SecureBoot is enabled now - it may go into disabled state after being in setup mode (vendor-specific).
You may also need to enter your SecureBoot keys just once when logging into Windows because SecureBoot was erased.
This is what a repo update and system upgrade look like.
nmcli device wifi connect %network_SSID% --ask
pacman -Syu
systemctl reboot
Install yay to have convenient access to AUR - Arch User Repository.
pacman -S go git # required to build yay
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg # building yay package (run as your regular user - makepkg refuses to run as root)
pacman -U yay-%version%-x86_64.pkg.tar.zst
cd ..
rm -rf yay
pacman -R go # if you don't need go anymore
Install and configure dislocker to access your Bitlocker-encrypted drives. Dislocker access consists of two mounts: the first one decrypts your partition into an image file (dislocker-file), and the second one mounts this image as a loop device at your end mount point. The ".dislocker" suffix for the intermediate mount folder is purely for your convenience - it can be any other folder. Keep in mind that the recovery code is stored in /etc/fstab in plain text, and that file is readable by every local user by default.
pacman -S ntfs-3g
yay -S dislocker
mkdir /your/mount # this will be your end mount point for the encrypted drive, e.g. /mnt/my_drive
mkdir /your/mount.dislocker # and this is intermediate mount point for dislocker to operate, e.g. /mnt/my_drive.dislocker
nano /etc/fstab
/dev/%your_bitlocker_partition% /your/mount.dislocker fuse.dislocker recovery-password=%your_recovery_code%,nofail 0 0
/your/mount.dislocker/dislocker-file /your/mount ntfs-3g loop 0 0
mount -av # to test if it works
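The fuse.dislocker entry above keeps the recovery code inline in fstab. The script below is an added example, not part of the original guide: it flags such entries without printing the secret and reports whether the file is readable by unprivileged users. The function names and the sample's device, mount points and recovery code are constructed placeholders; user-password= is dislocker's other inline secret option.

```shell
#!/bin/sh
# Added example: flag dislocker fstab entries that embed BitLocker secrets.
# Print "LINE MOUNTPOINT OPTION" per finding; the secret value is never printed.
find_dislocker_secrets() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }              # comments, blank/short lines
        $3 == "fuse.dislocker" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^(recovery-password|user-password)=/) {
                    split(opts[i], kv, "=")
                    print NR, $2, kv[1]
                }
        }' "$1"
}

# Succeed if group or others have read permission on the file.
readable_by_others() {
    case $(ls -ld "$1" | cut -c1-10) in
        ????r?????|???????r??) return 0 ;;
    esac
    return 1
}

# Exit status: 0 = clean, 1 = inline secret, 2 = inline secret in a file
# that unprivileged users can read.
audit_fstab() {
    findings=$(find_dislocker_secrets "$1")
    if [ -z "$findings" ]; then
        echo "OK: no inline dislocker secrets in $1"; return 0
    fi
    echo "$findings" | while read -r line mnt opt; do
        echo "WARN: $1 line $line ($mnt) stores $opt inline"
    done
    readable_by_others "$1" || return 1
    echo "WARN: $1 is readable by unprivileged users"; return 2
}

# Constructed sample mirroring the two fstab lines above (placeholder values).
write_sample_fstab() {
    cat > "$1" <<'EOF'
/dev/sdXN /mnt/my_drive.dislocker fuse.dislocker recovery-password=EXAMPLE-NOT-A-REAL-CODE,nofail 0 0
/mnt/my_drive.dislocker/dislocker-file /mnt/my_drive ntfs-3g loop 0 0
EOF
}

sample=$(mktemp) && write_sample_fstab "$sample" && chmod 644 "$sample"
audit_fstab "$sample" || true
rm -f "$sample"
```

To check the real file, run audit_fstab /etc/fstab; with the entry above and default permissions it returns 2.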
We'll be installing KDE Plasma as the desktop environment.
pacman -S plasma sddm bluez-tools bluez-utils konsole kate firefox dolphin
systemctl enable sddm
systemctl enable bluetooth
systemctl reboot
You need to configure GRUB and enable some initramfs hooks in order for hibernation to work.
lsblk # hibernation image is written to swap, so you have to locate your swap partition
nano /etc/default/grub
GRUB_CMDLINE_LINUX="...resume=/dev/%your_swap_partition%" # append the "resume=" parameter to this line
grub-mkconfig -o /boot/grub/grub.cfg # generate GRUB config once again to have resume device set
nano /etc/mkinitcpio.conf
HOOKS=(...filesystems resume fsck...) # put "resume" hook in between "filesystems" and "fsck"
mkinitcpio -P # regenerate initramfs with the newly added hook
nano /etc/systemd/sleep.conf
HibernateDelaySec=3h # uncomment and set this parameter to how long after entering sleep you want hibernation to happen
systemctl reboot