BIOS: set boot mode UEFI; disable Secure Boot, Fast Boot, CSM

Windows 10: install UEFI; disable hibernation

download Rufus (rufus.ie), Arch (archlinux.org/download), GnuPG (gnupg.org/download/index.html)

open PowerShell, compare Arch SHA256

1
CertUtil -hashfile FILENAME.iso SHA256

Rufus: make Arch GPT bootable

reboot to GRUB, type e

before initrd, type nomodeset; F10 saves, reboots

boot into Arch install

keyboard default is US

check UEFI

1
2
3
4
5
# output: 64
cat /sys/firmware/efi/fw_platform_size

# check directory
ls /sys/firmware/efi/efivars

check ethernet

1
2
ip link
ping google.com

set wifi

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# get device name
iwctl device list

# get network
station DEVICE get-networks

# connect
iwctl --passphrase PASSWORD station DEVICE connect SSID

# confirm
ip link

set clock

1
2
3
4
5
# check status
timedatectl

# if `NTP service: inactive`:
timedatectl set-ntp true

partition SSD

don't delete existing EFI partition from Windows 10 Manager

if prompt to remove NTFS signature, type y

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# view
fdisk -l

# start
fdisk BLOCK_DEVICE  # (e.g., /dev/sda)
    # `swap`; partition number; default start sector; size, end sector
    n; 2; ENTER; +4G

    # `root`; partition number; default start sector; default end sector
    n; 3; ENTER; ENTER

    # write
    w

format partitions

don't format EFI partition if already existent

1
2
3
4
5
# `root` (i.e., system files, documents)
mkfs.ext4 /dev/ROOT_DEVICE_BLOCK    # (e.g., /dev/sda3)

# `swap`
mkswap /dev/SWAP_DEVICE_BLOCK       # (e.g., /dev/sda2)

mount partitions

1
2
3
4
5
# `root` volume
mount /dev/sda3 /mnt

# `EFI` volume
mount --mkdir /dev/EFI_DEVICE_BLOCK /mnt/boot

enable swap

1
swapon /dev/SWAP_DEVICE_BLOCK

set mirrors

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
# sync first
pacman -Syy

# check current, uncomment if needed
vim /etc/pacman.d/mirrorlist

# backup
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup

# edit `reflector.conf` to get best mirrors
vim /etc/xdg/reflector/reflector.conf

    # comment conflicting lines
    --save /etc/pacman.d/mirrorlist
    --country COUNTRY_NAME              # (e.g., "United States"; no quotes if one-word name)
    --protocol https
    --latest 5

# get new mirrors
reflector --save /etc/pacman.d/mirrorlist

get base packages

1
2
3
4
pacstrap -K /mnt base grub efibootmgr linux linux-firmware linux-headers man-db man-pages mesa networkmanager os-prober ranger reflector sudo texinfo ufw vi vim wireless_tools wpa_supplicant

# sync
pacman -Syy

generate fstab

1
2
3
4
genfstab -U /mnt >> /mnt/etc/fstab

# confirm no errors
vim /mnt/etc/fstab

change root

1
arch-chroot /mnt

set time

1
2
3
4
5
6
7
8
# get timezone info if unknown
vim /user/share/zoneinfo

# set symbolic link
ln -sf /usr/share/zoneinfo/REGION/ /etc/localtime

# set hardware clock
hwclock --systohc

generate locale

1
2
3
4
5
6
7
8
# uncomment `en_US.UTF-8 UTF-8`
vim /etc/locale.gen

locale-gen

# set language variable
vim /etc/locale.conf
    LANG=en_US.UTF-8        # add

set hostname, password

1
echo HOSTNAME > /etc/hostname

generate initramfs

1
mkinitcpio -P

set password; answer prompts

1
passwd

set GRUB

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
# install microcode if not present
pacman -S amd-ucode

# i.e., ESP is probably `/boot`
grub-install --target=x86_64-efi --efi-directory=ESP --bootloader-id=GRUB

# include Windows 10 in `GRUB` with `os-prober`
vim /etc/default/grub
    GRUB_DISABLE_OS_PROBER=false # uncomment

# run to check `Windows Boot Manager`
os-prober

# generate configuration
# note this overwrites custom kernel parameters
grub-mkconfig -o /boot/grub/grub.cfg

# add kernel parameter to view graphics
vim /boot/grub/grub.cfg
    # add to `menuentry Arch Linux` section
    # at end of `linux` and `UUID` line, before `echo` and `intrd` lines
    nomodset

restart, login

1
2
3
4
exit
reboot
root        # login
PASSWORD    # password

start services

1
2
3
4
5
6
systemctl enable --now NetworkManager.service
systemctl enable --now reflector.service
systemctl enable --now reflector.timer
systemctl enable --now systemd-timesyncd.service
systemctl enable --now ufw.service
systemctl enable --now wpa_supplicant.service

setup wifi

1
nmcli device wifi connect SSID password PASSWORD

add user

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
useradd -m -g users -G wheel -s /bin/bash HOSTNAME

# set host password
passwd HOSTNAME

# permit `sudo`
vim /etc/sudoers 
    %wheel ALL=(ALL) ALL    # uncomment

# logout; login
exit
HOSTNAME            # username
PASSWORD            # password

setup environment

1
2
sudo pacman -Syu
sudo pacman -S base-devel git konsole openssh plasma-desktop xf86-video-amdgpu xorg-server xorg-xinit

auto-startx

1
2
3
4
sudo vim ~/.bash_profile
    if [ -z "${DISPLAY}" ] && [ "${XDG_VTNR}" -eq 1 ]; then
        exec startx
    fi

keep boot messages on tty1

1
2
3
4
5
6
cd /etc/systemd/system
sudo mkdir getty@tty1.service.d
sudo vim noclear.conf
    [Service]               # add
    TTYVTDisallocate=no     # add
    :wq

enable Arch User Repository

1
2
3
4
# build package
git clone https://aur.archlinux.org/yay.git 
cd yay
makepkg -si

install preferred packages

1
yay google-chrome

unfinished:

https://wiki.archlinux.org/title/Security

check hardware vulnerabilities

1
2
# https://docs.kernel.org/admin-guide/hw-vuln
grep -r . /sys/devices/system/cpu/vulnerabilities

https://wiki.archlinux.org/title/System_maintenance

Edit
Raw PDF PNG
Pub: 10 Jul 2023 01:22 UTC
Views: 253
new·what·how·langs·contacts