Installing Arch Linux on a USB Drive · Btrfs + LUKS2

sha256sum archlinux-2025.05.01-x86_64.iso

cfdisk /dev/sdY

Formats the first partition (/dev/sdY1) with the EXT2 filesystem.

mkfs.ext2 /dev/sdY1

Formats the second partition (/dev/sdY2) as FAT32. This is typically used for EFI System Partitions.

mkfs.vfat -F32 /dev/sdY2

Initializes LUKS2 encryption on the third partition (/dev/sdY3).
Type YES in uppercase to confirm, then type a strong passphrase.

cryptsetup luksFormat --type luks2 /dev/sdY3

Opens the LUKS-encrypted partition and maps it to /dev/mapper/cryptroot.
To interact with the partition as if it were unencrypted.

cryptsetup luksOpen /dev/sdY3 cryptroot

Formats the decrypted partition with the Btrfs filesystem.

mkfs.btrfs /dev/mapper/cryptroot

Mounts the decrypted Btrfs partition to /mnt temporarily so we can create subvolumes.

mount /dev/mapper/cryptroot /mnt

Creates the root subvolume @. This will hold the main system files.

btrfs subvolume create /mnt/@

Creates the home subvolume @home for user data. Keeping it separate makes snapshots safer and easier.

btrfs subvolume create /mnt/@home

Unmounts the partition to remount it with the subvolumes as the active filesystem roots.

umount /mnt

Remounts the root subvolume @ with options:
relatime for efficient access times and compress=zstd:3 for transparent compression.

mount -o relatime,compress=zstd:3,subvol=@ /dev/mapper/cryptroot /mnt

Creates the /boot and /home directories inside /mnt to mount the corresponding partitions or subvolumes.

mkdir -vp /mnt/{boot,home}

Mounts the @home subvolume at /mnt/home with the same options as the root subvolume.

mount -o relatime,compress=zstd:3,subvol=@home /dev/mapper/cryptroot /mnt/home

Mounts the EFI system partition at /mnt/boot.

mount /dev/sdY2 /mnt/boot

Lists the partitions, filesystems, and mount points to verify everything is set up correctly.

lsblk -pf /dev/sdY

pacstrap -K /mnt linux-lts linux-firmware linux-lts-headers base base-devel nano \
		 btrfs-progs networkmanager grub efibootmgr dosfstools os-prober mtools \
		 bash-completion iwd usbutils intel-ucode amd-ucode

---

• linux-lts – Long-Term Support kernel, stable and maintained for longer periods.
• linux-firmware – Firmware files for various hardware devices.
• linux-lts-headers – Kernel headers for building modules against the LTS kernel.
• base – Essential packages for a minimal Arch Linux system.
• base-devel – Development tools for compiling software (make, gcc, etc.).
• nano – Simple terminal text editor.
• btrfs-progs – Tools for managing Btrfs filesystems.
• networkmanager – Network management daemon and CLI tools.
• grub – Bootloader to start the OS.
• efibootmgr – EFI boot manager to configure UEFI boot entries.
• dosfstools – Tools for creating and checking FAT filesystems.
• os-prober – Detects other OS installations for bootloader configuration.
• mtools – Utilities to access FAT filesystems without mounting them.
• bash-completion – Bash completions for core commands.
• iwd – Wireless daemon for managing Wi-Fi connections.
• usbutils – Utilities to list and query USB devices.
• intel-ucode – Microcode updates for Intel CPUs.
• amd-ucode – Microcode updates for AMD CPUs.

Generates the fstab file using UUIDs (-U) for all mounted partitions under /mnt, and writes it to /mnt/etc/fstab. This file tells the system which partitions to mount at boot.

genfstab -U /mnt > /mnt/etc/fstab

Enters the new system environment at /mnt, so all following commands affect the installed system, not the live USB.

arch-chroot /mnt

Sets the system name to zombie, Change it to your own hostname, which identifies your computer on networks.

echo "zombie" > /etc/hostname

Links your local timezone file to /etc/localtime for correct system time. Set it to your own localtime

ln -sf /usr/share/zoneinfo/Japan/Tokyo /etc/localtime

hwclock – Writes the system time to the hardware clock so it stays accurate after reboots.

hwclock --systohc

Enables the en_US.UTF-8 locale for system-wide use.

echo "en_US.UTF-8 UTF-8" | tee -a /etc/locale.gen

locale-gen – Generates the locale files specified in /etc/locale.gen.

locale-gen

Sets the default system language environment variable.

echo "LANG=en_US.UTF-8" > /etc/locale.conf

Add your own keymap.

echo "KEYMAP=us" > /etc/vconsole.conf

Prompts to set a strong password for the root account.

passwd

Defines the username you will create.

auser=yourusername

Creates the user with a home directory and adds them to the wheel group for administrative privileges.

useradd -mG wheel "$auser"

Sets the password for your new user account.

passwd "$auser"

Edits the sudoers file safely. This allows users in the wheel group to use sudo for administrative tasks.
Uncomment the line at the bottom of the file by removing the # from: %wheel ALL=(ALL) ALL

EDITOR=nano visudo

Open the GRUB configuration file for editing. This file controls bootloader settings and kernel parameters.

nano /etc/default/grub

This enables GRUB to recognize LUKS-encrypted partitions at boot, allowing you to enter the passphrase early.

GRUB_ENABLE_CRYPTODISK=y     # Uncomment the line by removing the hashtag (#), then save and exit the file

Outputs the unique identifier of your LUKS encrypted partition. It tells GRUB which partition to unlock.

cryptsetup luksUUID /dev/sdY3

This two-line command retrieves the LUKS UUID automatically and updates the GRUB configuration safely, avoiding manual copy/paste.

UUID=$(cryptsetup luksUUID /dev/sdY3)
sed -i "s|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$UUID:root rootfstype=btrfs\"|" /etc/default/grub

Installs GRUB for UEFI systems.
- --efi-directory=/boot specifies the EFI system partition.
- --bootloader-id=GRUB names the boot entry.
- --removable makes it bootable on removable media.
- --recheck ensures device detection is refreshed.

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB --removable --recheck

Installs GRUB for BIOS systems.
- --boot-directory=/boot specifies where GRUB files go.
- Replace /dev/sdY with your actual target disk.

grub-install --target=i386-pc --boot-directory=/boot /dev/sdY

Automatically generates the GRUB configuration file, detecting all kernels and operating systems.

grub-mkconfig -o /boot/grub/grub.cfg

Open the configuration file where you define which modules and hooks are included in the initramfs.

nano /etc/mkinitcpio.conf

Here, Btrfs support, USB storage, USB keyboard, and USB controllers are included for proper hardware initialization.

MODULES=(btrfs usb_storage usbhid xhci_pci ehci_pci)

Define the sequence of operations during boot. Important points:
- keyboard before autodetect ensures the keyboard works for password entry.
- encrypt before filesystems ensures encrypted volumes are unlocked before mounting.

HOOKS=(base udev keyboard autodetect microcode modconf kms keymap consolefont block encrypt filesystems fsck)

Rebuilds all preset initramfs images using the updated configuration, so the system boots with proper modules and hooks.

mkinitcpio -P

A higher-level tool to manage wired, wireless, and VPN connections with CLI or GUI tools.

systemctl enable NetworkManager

Maps hostnames to IP addresses locally.
This ensures your system can resolve its own hostname and loopback addresses without querying DNS.

host=$(cat /etc/hostname)
sh -c "printf '127.0.0.1   localhost\n::1   localhost\n127.0.1.1   $host.localdomain   $host\n' > /etc/hosts"

pacman -S xfce4 xfce4-goodies lightdm lightdm-gtk-greeter network-manager-applet \
	  bluez bluez-utils wget curl git xdg-utils gvfs openssh alsa-utils \
	  pipewire pipewire-pulse pavucontrol wireplumber unzip ntfs-3g rsync \
	  noto-fonts-emoji noto-fonts-cjk noto-fonts-extra chromium arch-install-scripts gparted

These packages install XFCE, essential utilities, audio/video support, network management, Bluetooth, and common CLI tools for daily usage.

• xfce4 – XFCE desktop environment.
• xfce4-goodies – Additional XFCE plugins and tools.
• lightdm – Display manager for graphical login.
• lightdm-gtk-greeter – GTK-based login screen for LightDM.
• network-manager-applet – GUI for managing network connections.
• bluez – Bluetooth protocol stack.
• bluez-utils – Bluetooth utilities for managing devices.
• wget – Command-line file downloader.
• curl – Command-line tool for transferring data with URLs.
• git – Version control system.
• neofetch – Displays system information in terminal.
• xdg-utils – Desktop integration utilities.
• gvfs – Virtual filesystem support for desktop apps.
• openssh – SSH client and server.
• alsa-utils – ALSA audio utilities.
• pipewire – Multimedia server for audio/video.
• pipewire-pulse – PulseAudio compatibility layer for PipeWire.
• pavucontrol – GUI volume control for PulseAudio/PipeWire.
• wireplumber – PipeWire session manager.
• unzip – Extract ZIP archives.
• ntfs-3g – NTFS filesystem support.
• rsync – File synchronization tool.
• noto-fonts – Much-needed fonts to include extra characters for different languages.
• arch-install-scripts – Scripts to aid in installing Arch Linux on other systems
• gparted – A Partition Magic clone

Starts the display manager automatically at boot, providing a login screen.

systemctl enable lightdm

Starts the Bluetooth service automatically at boot for device pairing and management.

systemctl enable bluetooth

Leave the chroot environment, returning to the live installer system.

exit

Recursively unmounts all partitions mounted under /mnt, ensuring no filesystems are left mounted before shutdown.

umount -R /mnt

Shuts down the installer system safely. After this, you can remove the installation media and boot your new system.

poweroff