Encrypting Your Computer with Arch Linux


I'm going to go through this quickly, giving all the commands up front. If you follow them you'll be able to take an Arch Linux live cd and have a totally encrypted Arch Linux Virtual Machine. If you can get the Virtual Machine going you can apply that straight to a physical machine.


  1. A Computer
  2. VMware Player
  3. The latest Arch Linux distribution here

And I'm going to assume you've got VMware setup and know how to boot to the installer through VMware or on a physical computer.

I'm also going to assume you have one hard drive. We'll be using LVM on top of Luks so it will be easy to add disks later.


 # dd if=/dev/urandom of=/dev/sda

Wait for this to finish. It will take a while depending on your hard drive size.

Setup Disks

 # fdisk /dev/sda

Press “n”

Press [Enter] three times

Type “+100M” and hit [Enter]

Press “n”

Press [Enter] four times

Press the follow keys in order (press enter after each key): “a”; “1”; “t”; “2”; “8e”; “w”

Build File Systems

 # mkfs.ext4 /dev/sda1
 # pvcreate /dev/sda2
 # vgcreate rootvg /dev/sda2
 # lvcreate -C y -L 1G rootvg -n swaplv00
 # mkswap /dev/mapper/rootvg-swaplv00
 # swapon /dev/mapper/rootvg-swaplv00
 # lvcreate -l +100%FREE rootvg -n rootlv00
 # mkfs.ext4 /dev/mapper/rootvg-rootlv00 
 # mount /dev/mapper/rootvg-rootlv00 /mnt
 # mkdir /mnt/boot
 # mount /dev/sda1 /mnt/boot

Install the OS

 # pacstrap /mnt base base-devel

Go get a beer… or five

Install the Bootloader

# arch-chroot /mnt pacman -S grub-bios

Press “y” if prompted.

Generate fstab

 # genfstab -p /mnt >> /mnt/etc/fstab

Configure the system

 # arch-chroot /mnt
 # echo "hostname" >> /etc/hostname
 # ln -s /usr/share/zoneinfo/America/New_York /etc/localtime

Delete the # in front of en_US in /etc/locale.gen

 # locale-gen

In /etc/mkinitcpio.conf add “dm_mod” to MODULES=“…” and “lvm2” to HOOKS=“base udev … filesystem” where the “…” is located (Anywhere in MODULES, between base udev and filesystem in HOOKS).

 # mkinitcpio -p linux

Configure the Bootloader

 # modprobe dm-mod
 # grub-install /dev/sda
 # cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
 # grub-mkconfig -o /boot/grub/grub.cfg
 # passwd 

Set a root password

Ctrl+D to go back to the Live CD.

 # umount /mnt/boot
 # umount /mnt
 # reboot

That's it. That's the quickest way I can show to install an encrypted Arch OS with Luks.

QR Code
QR Code encrypting_your_computer_with_arch_linux_hayek.0 (generated for current page)