Arch Linux + Windows 10 Encrypted UEFI Installation Guide (2020)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

what's up everyone today I'm gonna be answering one of the most common questions I get which is how do I set up my desktop environment so I'm not going to worry too much about contentious conversations about whether it's right to run Windows as alongside Linux or whether it's right to run our Traverse other operating systems I would just say do what works for you I happen to really like the setup I use arch as my primary driver for 98% of my use cases it's super minimal it lets me compose kind of like my own distribution that meets my needs so I love it for that and it also doesn't try to abstract away too much of the weeds so I get to learn a lot in the process and then I also use Windows just in case there's something for work that I need Windows for it doesn't really happen too often but it has happened a couple times now I'm gonna be setting this up on my personal laptop this is the same setup I use for personal devices and work devices now my setup is a dual boot with arch and Windows both are fully encrypted independent of one another and also I use grub the bootloader to select which operating system I want to boot into so today I'm gonna try to give you the most succinct description of how to set this up and I think you'll find it to be not as challenging as it might sound at a tour seemed at face value so the only prereqs you have for this are to have installation media for Windows and for Arch Linux on my website not only do I have information about the installation media but I've got details and snippets on every single cent app I'm gonna do here with you today so if you set this up for yourself you might find that website really helpful the link will be in the description so let's get started the first thing I need to show you is the BIOS of the machine so I haven't done much to my personal thing pad other than gone in and disabled secure boot secure boot is not a feature that I personally need or like you can set up arch linux to boot insecure boot mode if you need to but those are some extra steps that you'll have to decide whether that's important to you and then in BIOS I've also set the boot mode as UEFI only most are going to support UEFI and a bios mode or legacy boot mode UEFI is kind of the newer standard it works really well I just highly recommend you use that and then finally there is a device key f12 which I'll be using a lot like right now where we boot into the window partitions so let's go ahead and plug the windows USB in here and this is just a Windows 10 ISO that I grabbed from Microsoft's website so we'll see if I can get this plugged in good good we will go ahead and restart and I'll be hitting f12 now to make sure that I get to the boot menu all right now inside of the boot menu I'll select the USB you might be wondering why we're starting with Windows and the primary reason is that this is a little bit of an easier place to start from because Windows has some opinions on how the partition layout goes and it just so happens that the partition layout it puts in place is something that we can just build on top of with Linux so it's going to set up a partition for EFI it's gonna set up a partition for its windows partitions and stuff and just give us a bunch of free space that we can use with Linux as well so again I find starting with Windows to be a much easier process there's nothing too special about the Windows installation process other than we need to specify the disk space we're going to use so I'll show you where that menu option is in a moment here so we'll accept the agreement we'll go down to a custom install and the key is to do the custom install cuz we need to go through and delete every single one of the existing partitions we're gonna start totally fresh here and we'll delete all of these and then we're just gonna have a big blob of unallocated space available to us so let's do that now all right so we've got the 200 or so gigs available to us we just go to new in the Installer and it's gonna ask us what size we want so for size this is the amount you're gonna allocate for the Windows install I'm gonna give it somewhere oops you see if I can cancel that real quick I'm gonna give it somewhere in the wheelhouse what did I hit okay let me try that again so I'm gonna give it somewhere in the wheelhouse of like 99 gigabytes it's probably gonna be a little bit less than that and then we'll apply this and in Windows we'll say hey can I create some partitions we'll say ok and then Windows is going to set up what it thinks the partition table should look like now most important to Linux it's going to set up a partition - this is the system or the five partition this will be helpful if when we set up things like grub and arch EFI boot instructions in partition four is where Windows will go and partition or non-existent partition space is where we're gonna eventually put Linux so let's go ahead and go to next and now we're gonna install Windows so once this installation is complete we are going to hop in and do some configuration along with encrypt the windows partition that we have a set up all right now I'm just gonna go through the windows configuration this is just selecting languages and stuff like that nothing too special so I won't bother recording it but in a moment we'll meet up in a fully booted Windows environment where we'll finish configuring and then setup encryption all right so we've officially booted up into Windows the first thing we're gonna do actually the only real configuration we need to do is open up control panel and go to power inside of power there is a change what the power buttons do option and inside of here you want to disable the fast startup option this prevents Windows from shutting down completely when you ask it to shut down which can have bad impacts on Linux and your ability to switch between Linux and Windows but as far as Windows 10 goes at the time of this recording that's about it that's all the configuration you need to do now I'm gonna assume you also want to encrypt as I do so we're gonna open up a web browser for a moment here and we're gonna search for a utility that I'm apparently misspelling called veracrypt and veracrypt is a free and open source disk encryption software Windows does have a way to encrypt but for some reason you can only get it in certain flavors of Windows or something I don't really know I've been using veracrypt for a really long time now love it it's a great project seems to work super super well so we're gonna run the installer for veracrypt we'll get out of here we'll give veracrypt the details or security permissions it needs more so and then we'll just go ahead and run the installer so and the installer is just to get the veracrypt software to do the encryption so next next install looking good I'll exit out of here hopefully close these tabs cool and it says it's installed alright good and they have a donate page if you do end up using this and liking it so let's go ahead and open up veracrypt now veracrypt is a very capable piece of software but all we need to do is go to system and choose to encrypt the entire system partition because we want all of Windows to be encrypted so we will hit yes again to permissions for the initial screen with veracrypt not a whole lot you got to do here other than hit next for normal mode encrypts the windows system partition and for the number of operating systems while it might seem counterintuitive we're gonna choose single boot here we don't want veracrypt to know anything about Linux we're gonna use a tool in Linux called Lux to setup encryption there so we'll do single boot and then next again and you can choose your encryption option here I'll leave it up to you to determine what's best for you we'll put in a password and this password is what you're gonna use to unlock the disk it'll yell at me probably that my password is not very secure but that's okay and then it's gonna want you to move your mouse and you know make hardware actions happen so it can generate enough entropy to create the keys it needs to encrypt once you've done that you can hit next and next pass the keys alright and then you also have the option of making a rescue disk I do recommend doing this if you care a lot about your windows partition I rarely use it but you can hit you can go through this process and on a USB stick have a rescue drive setup so if you ever forget your password or have issues you could theoretically get back into your drive for white mode this will give you the option to overwrite all of the existing bits with random zeros and ones I don't care about that I'm not worried about the security of this drive I'm just gonna do white mode none and just encrypt it as is and then lastly we're gonna kick off the pretest here the pretest is gonna reboot the Machine and the pretest is really good to make sure you didn't mess anything up so what it's gonna do once it boots back up is give me a tiny password dialog in that password dialog I need to put in my password and if I put it incorrectly windows will boot back up and we'll be set to start the encryption but if it fails it's good because veracrypt has not gone in and encrypted the whole drive yet so it's not like I've potentially hosed my whole system I'm still in kind of this pre test mode more or less so if you look in the top left of my screen here you see the password just popped up I know the text is a little small here just go ahead and pop through it and if all goes well it'll authenticate us and boot us right back into Windows okay so we're back in the system here now we just need to log in and let's put in the right pin now what should happen if all went well is after we sit at the Windows desktop for just a moment here and you know probably less than a minute we'll get a pop-up from veracrypt saying hey test completed looking good do you want to go ahead and encrypt the hard drive which is exactly what we'd like to do and we're very close to being done with Windows at this point so we'll just click encrypt we will say ok - they're in greement and yes - the privileges they need and encryption now starts so that's it so now we just got to watch the paint dry for encryption once this encryption is done we're ready to boot over into our Arch ISO and start the installation of Linux ok so now we're all good the machine restarted veracrypt said the pretest went well and it's fully encrypted to drive now so we will finish and we're ready to restart the computer now I should mention with the restart that I'm pulling out the USB for windows and I'm going to be plugging in the USB for arch now so I'll plug that in good and we are ready to restart the machine so similar to before I'm gonna hit f12 many many times this should ensure that I get to the boot menu again at least on Lenovo and their motherboards that seems to work just fine ok we're entering the boot menu now ok so we'll go down to the USB HDD alright so now we're inside of the arch kind of boot menu if you will it's probably grub base so this boot menu you'll notice says UEFI so you want to be careful if your boot menu looks a lot different than this are you booting in UEFI mode and if you're not do you know what you're doing so with this mode here we're looking pretty good overall one little pro tip I'll give you if you hit e on this first menu item it's gonna give you the command it's gonna run on high resolution monitors and frankly most modern monitors the text in the Installer is gonna show up really small there's many ways to fix this I think there's a really easy way though and that is to type in no mode set video equals and then give it a resolution you're comfortable with so I usually do 1280 by let's say like 760 and sure it's not going to be the most beautiful text you've ever seen in your life but it's gonna be nice and large and you're actually gonna be able to tell what you're typing in alright so once this boots up and it's seen the ISO it's kind of booting into UEFI mode if all goes well we're gonna kind of start with two steps the first thing is you know the USB obviously doesn't come with every package everything that I need so we're gonna rely on the internet to get a lot of those packages in this install so connecting to the internet will be crucial if we can get on the internet I'm then gonna show you how I set up arch on a machine using a different machine which might seem a little weird but I don't really like completing the install in the super-limited terminal I like to have access to an internet browser and copy and paste and my editors and things like that so I'll show you how to set that up although it is a completely optional step that's up to you whether you want to actually implement that okay looks like we are good to go so let's just make sure we don't have internet connectivity to start ourselves off it appears we don't now there's a kind of really simple tool set in here that uses system D it's called net CTL and it lets us connect to the internet and we're gonna start off by using one of its utilities so I'm on a ThinkPad laptop and if I had an Ethernet cable honestly just plug in an Ethernet cable it's it makes it much simpler but luckily we can use this tool called Wi-Fi menu and assuming we don't have some obscure you know wireless card that doesn't have the drivers supported we should be able to just select our network in here hit enter and then once we put in the password for our network we should be able to connect to the internet okay so theoretically we should be connected to the Internet so let's do an IPA s you can see under interface number 3 I have an eye net and IP address associated with it so that's one nine to 168 194 we can ping Google and make sure we're online all is looking great so since we're online what we're going to do now is we're going to SSH into this box this is that Remote thing I was trying to tell you about so here's the idea first things first set a password for the root user this is just for your USB stick your your media right it's not going to persist into your end system so put in an arbitrary simple password here then if we use systemctl we can look at the status for sshd luckily I think this is kind of brilliant this I so ships with an SSH daemon so to continue the install from another computer be in a Windows machine with putty or a Mac or Linux box all we've got to do is say systemctl start sshd and if we run the status command again we can see in the logs that it is listening on port 22 which is exactly what we want now assuming you have another computer on the same network if you choose to you can now go to that computer and complete the install in your familiar environment and that's exactly what I'm gonna do now so I'll flip over to my desktop this is another Linux desktop that I use as my primary desktop and I'll start off by just SSH again so I'm gonna SSH into root at 192 168 194 we'll hit enter we'll verify the identity and we'll type in that root password and that's it now from my machine I'm gonna be able to complete the arch install I've got T MUX loaded so I can open stuff up locally I've got my web browser available so if I need to pull anything off of the wiki I can do that as well and we're pretty much set so let's do this thing so first things first we need to take a look at the disk layout that is the most important part we're gonna run this command LS BLK many many many times throughout this okay so LS BLK or list block devices has given us a view of all of the disks we can see the main disk and then all the windows partitions that went under it now it's time for us to put our Linux partitions in place and you have many tools you can use to do this I'd recommend using CG discs I think it makes things really easy and to get on to the right disk you just need to specify dev which is stands for device and Linux and then put in the disk so we have nvme 0 and 1 which is the disk in CG disk will open this really nice interface that lets us start the formatting now there's things like f disk and a bunch of other cool ways you can set up partitioning I just happen to like see Jesus it helps me kind of conceptualize if I'm doing things right so first thing just to notice partition 2 is the efi partition don't forget that we're gonna need that a little bit later when we setup grub we're gonna reuse this partition but now we need some new ones so for the free space I'm gonna start off by hitting new keep the first sector as the default the size and sectors is going to be 512 megabytes I'm going to keep the filesystem as default which just makes it a normal Linux file system and I'm gonna call this partition boot and then I'm gonna do the same thing in the next free space so I'll go down to free space new I'll hit enter this time I'll leave sectors empty which means it will fill up the entire remaining space I'll keep it as 80 300 or Linux file system and I'll call this root so this is what our file system partition is gonna look like it's actually pretty simple or I should say our drive partition we've got number two which is EFI a very important one we've got boot and we've got root now boot is been separated from root this is an optional step but the reason I do it is we're gonna be setting up something called init RAM FS or the initial Ram disk and you can put boot in root but I like boot to be completely unencrypted and the reason is when you log on it will bring up the grub menu you won't have to put in a password you can just choose Linux or Windows and then based on your choice it'll take you to either veracrypt - unencrypted Windows or through the lux setup we're gonna do two unencrypted Linux so I think it makes the setup much simpler in my opinion I I prefer this layout there's a ton of fancy things you can do you can set up these things called logical volumes and break it up even more intricately but for me on a desktop machine that's really kind of overkill I think this does a great job of getting everything we need in place so I'm gonna go in write the filesystem changes here or write the partition changes and with that in place if you quit out of here let's do LSB LK lists block devices again and now you can see you've officially got two new pieces inside of here you've got p5 and p6 which will refer to so again our partitions are P 2 which is EFI P 5 which is boot in P 6 which is the root filesystem so a most important thing we start off with let's encrypt P 6 because we want this to be a fully encrypted setup so we're gonna do crypt setup we're gonna do why to ask for our password twice we will do use random which uses dev random to generate the keys we're gonna do Lux format which will do the encryption and then we're gonna do dev and point it at the p6 so this will encrypt p6 it wants to know if it's okay to overwrite the data we're gonna type yes and capital letters put in the passphrase twice that we'll use to unlock this disk in the future and there we go so we've got an encrypted disk now at first glance it's not gonna look much different but the key thing to know is you can kind of think of this like a a metaphorical lock box now p6 isn't any good to us unless we open it up in map it's it's kind of root filesystem to something that we can access so to do just that the first thing we need to start off by doing is run crypt setup we need to run Lux open against that particular Drive so this will be P 6 and then we're going to do a kind of an arbitrary name here to identify it so we'll call it crypt root we'll put in the passphrase and now we should have this set up so let's do LS BLK again crypt root you'll notice is now available underneath this so again we've unlocked that lock box and we've got crypt root available another thing you'll see is under dev mapper there is now a reference to crypt root so the important thing is whenever we reference the actual root filesystem we're gonna do it through this dev mapper thing so kind of the sequence is well maybe not technically perfectly correct you can think of it like you go and you unlock the box you make sure it's mapped to this dev mapper location and then this kind of pseudo location is where we go to access that that root hard drive which again in my mind keeps it somewhat clean even if it's not a perfect technical explanation so the next thing we're going to do is we're going to mount these things up so again we know P 2 is efi p5 is boot and p 6 is root so let's start with p 6 to mount p 6 we're going to mount it into this isoh so we can start doing installs actually note before we even mount I should mention one step I'm kind of thinking it's gonna give us issues we need to make sure there's a file system set up on these new partitions right so let me back up a step here so you have a command on your machine called mkfs or on your iso drive where you can make different file systems so I'm gonna make an ext4 file system you can look up these types X t4 is probably the most common for Linux and we're gonna start off by giving nvme 5 which is the boot partition that particular file system so exe for now you'll see some different opinions on what to use for the boot partition honestly ext4 works fine you just need to make sure the bootloader is compatible with that filesystem type so ext4 is great and then we're gonna basically do the exact same thing for p6 but remember we can't really interact with p6 directly anymore it's like a locked box for us so what we need to do is go into dev mapper and get that crypt root that is the mapping that's from the that lock box right for p6 so it'll create the new filesystem and now we're here so we've got file systems for p5 and p6 if you're wondering at all why I didn't do P to remember that this already has a file system from the Windows install and it's probably running something like fat32 because that's how window sets it up and I think actually Linux prefers that for efi camera what the default is for efi off the top of my head but nonetheless we're looking pretty good now we're ready to start mounting stuff so we need to mount P 6 P 5 and P 2 many of you already know that in Linux there is a default directory usually use to mount things to which is mount so the idea being if we could mount like the crypt root or P 5 or P 6 in to this directory we could start installing files and writing things and they would actually persist to that partition so let's start this out if we do a mount we will start off with the roots so dev mapper and this will be crypt root and we're gonna do this against mount so the way to think about this is if I start writing files into mount like this one here that we're gonna need to write so let's do mount boot now inside of crypt root that has been persisted in that partitions that is that is saved on the filesystem now it's not just local to the ISO so I made a boot directory intentionally because now we're also gonna mount P 5 P 5 owns that boot directory so let's do dev nvme let's grab P 5 and we're gonna do this on mount boot okay we're gonna do make directory one more time we're gonna do mount to boot and make a efi directory which is kind of the canonical set up with with arch it's gonna expect things although you can configure it to be in slash boot slash efi so we'll mount one more time and you probably know where i'm going with this efi is p2 so let's select p2 go to mount go to boot go to efi and now we've fully mounted the system so if we clear this out I'll show you another visual let's list block devices how this is set up is it's basically saying everything in root is gonna belong to crypt root another way to think about that is everything in root is encrypted except mount boot has its own partition which is P 5 and then efi has its own partition which is p2 so things that live in these folders will be part of different partitions that will be unencrypted now you actually done most of the groundwork to start the installation process for linux and to start the installation we're going to be using a tool called pack strap pack strap lets us put a bunch of packages in kind of like pac-man but it's going to let us specify kind of a root directory so it'll pretend like it's living in that new root and installing the packages now you might wonder well how do I know what packages to install what are the kind of beautiful things about arch in my opinion is you get to compose the packages you want which I absolutely adore that concept right so if I go in and search for Linux I can find the Linux package and you know I probably want the Linux kernel right so that seems like a pretty important package to install there's a couple other really important ones like base and base is going to give you some of the kind of core set of functionality that you'd expect in a Linux system now you could theoretically go in and put all of your packages you want for your desktop environment and here I prefer to not do that I just have a list of ones that I prefer to start out with and then after I get the environment set up I run a whole nother script out I'll probably make a video for that where I install all the desktop environment stuff and blah blah blah but first we just need a reasonable base system so what do I install usually so Linux is pretty important there's also a package called Linux firmware that I find to be super helpful as well the base package as you saw is pretty important and let's actually break down a line so you can see what's going on there's also a base davell so this is base developer which means it's gonna have some build tools and things that it brings in you don't need these per se but I find them super helpful along with base devel you even need things like git and vim because I want to make sure I have those available it's so minimal that you even need to have your your editors available and stuff like that now really importantly we need to make sure we install grub because the grub is going to be our boot loader and then EFI boot manager is important as well that'll help set up some of the EFI stuff there's also a package called Intel u code so if you're using an Intel based processor this is the micro code that runs with that specific processor and then with that we should be pretty well set up so I will hit enter here and if you ever run pac-man before this probably looks pretty familiar we're basically running these package installs against mount and we are effectively installing Linux with this command that's that's pretty much it so you might you know be a little overwhelmed with like how would I know what packages to use well arch on the wiki obviously gives you some base ones it recommends on my website in the description I have all the ones that I just showed you as well probably the biggest package I'm missing right now is anything regarding networking I'll show you how I set that up once we get further into the system but don't think that I've forgotten about that yet so once this is done we're gonna go in and set up some of the filesystem table settings and get a little deeper into the system config alright so now we've got all of our base packages installed and we're gonna start doing some configurations so first thing is to run a command called gen fstab this is gonna create something called a filesystem table we're gonna do - you for using you you IDs to specify the disks we're gonna do it against mount but we're gonna save the file we're really root and we're gonna save the file against mount Etsy and fstab so if you're not super familiar with this file the good news is it pretty much just gets set up for you taking a quick look inside this is going to give some details about mounting partitions which is pretty cool so you can see you've got your crypt root in here you've got the boot in the middle there and then at the very bottom you've got the efi system as well so I guess one thing worth calling out you may have been aware that I didn't actually do anything was swap space swap space would usually show up in here and when we did CG disk we would have allocated some swap space um you can read a bit about swap space my to long didn't read on it is in modern systems it's not really necessary it was a feature that when you ran out of memory would let you page to the hard drive I have zero use for it I never use swap it's it's not that important to me in my desktop environments but if it is important to you it might be something worth considering so we've got the filesystem table set up now for the first time we are able to enter our new Arch Linux system now you're not just gonna reboot yet you're gonna run a command called Arch chroot and you're gonna do that against the amount directory and when you hit enter here this is a command if you've ever treated before that's gonna kind of take your process it's gonna put you inside a mount and make you feel like you're in that new system which basically we are if we do a quick LS this is your brand-new Linux system so so welcome so all we've got to do here is set up some basic configuration this is pretty mundane stuff so I'll just kind of blast through it but first we're gonna create a symbolic link and this is for the time zone so inside of user share zone info you're gonna find a bunch of folders with countries locales blah blah blah we're gonna do for me MST which is Mountain Standard time and we're gonna put this in at C local time which is where the system expects to find a symbolic link to this time zone configuration in fact if you just do a quick cat of this here you can see it's got some information about like what the time zone settings are and all that stuff so it's just gonna kind of respect that for us so next thing we want to do is sync the hardware clock to the system clock so we will do sync to HC which is just a command that we do for any install and then we're going to set up some of the locale information for kind of the language and character settings so we'll do at C locale e gen and inside of here there's going to be a bunch of examples they will usually have a and a language most common for you u.s. people you're probably going to use en us with utf-8 so if you just search for that in here you'll find a line that's commented out right here and you'll just uncomment it that's it that's how you're going to tell it that hey I'm gonna be using this set up with Unicode and English us and then you can just run a command called locale gen and it's gonna generate the locale pieces throughout the system based on your settings now this one's a little funky I'm not super sure why locale gen doesn't do this was probably really good reason but it also recommends that you add inside of a file called Etsy locally conf a environment variable it says language equals en-us utf-8 again this should kind of match what you had just set up in locales you can kind of see that up here so take the setting and be sure to write this laying environment variable inside of Etsy locale so we'll hit enter there and that should be pretty good so the last thing for config on the system level and kind of the most fun is you get to name your computer so this is my laptop I'm gonna call it taco so if we echo out taco we're gonna write that to Etsy host name and this will be the host name of your system so we'll write that in and I've just named my system that's it okay so now we're gonna do the last couple steps and these are the most in the weeds that the installation gets but don't let it intimidate you too much so the first thing we need to do is set up something called init RAM FS or the initial Ram disk this is a minimal root filesystem that boots up in the initial in the in the beginning off of that boot partition and it's gonna be able to do some different stuff to get us access to our full Linux system so to edit the configuration before we generate its config more-or-less or images I should say we're gonna open up at C m'kay and it's cpio conf and you'll find a section in here called hooks and inside of hooks there are a bunch of let's let's just call them like modules if you will guess kind of like packages in a way but we'll say modules that will let you do certain things now normally you wouldn't have to touch this file but the reason you do is you have an encrypted hard drive so before the file systems section right here we're gonna add a module called encrypt and for all intents and purposes you can think of this like a module that will be available on an it Ram FASS that's going to let you decrypt the hard drive and then the other thing we're gonna grab here is the keyboard module and I've been doing this for years I don't know how necessary it is anymore but I remember back in the day I used to need to make sure the keyboard hook was before the encrypt hooks that I could access my keyboard before decrypting I don't even know if that's technically valid but I still do it today and it works fine so I move keyboard up right to here and someday I'll have to look into that and see if it's even necessary nonetheless this is the hook configuration this is all the modification we need to do to this init Ram FS piece of your Linux setup so we'll save this file and then we just need to run that MK init cpio command with the preset set to Linux and it's going to go through check all of our hooks you can see it picked up the encrypt hook that we had set up in there and if all goes well it's going to generate these images for an it Ram FS to kind of boot up in and it is going to place those in the boot directory so now we've got these in the unencrypted boot directory now the last thing we need to do is set up grub and kind of the crux and most challenging part of grub is frankly mapping the uu IDs correctly so what I typically do to make sure I don't mess this up there's a command called blk ID or block ID and I paste this out into the temp directory in something just called ID dot txt so that I can you know lose it after the install but can persist it while I'm going through this config so if I hit enter here and then go into TMP ID txt for you I'll do a no rap so you can see this a little bit easier these are all of my partition uu IDs so p5 the boot would be this UUID right partition 6 which is the one we're primarily gonna care about will be this UUID all right so I'm gonna reference these uu IDs to make sure that the bootloader settings work correctly so if you're not super familiar with boot loaders just think of it in a simplified way of like you get a menu you choose something and it kind of knows which partition and drive to go to and what to do to kind of kick that off let's we'll keep it at that description for now so what we need to do here is head into the configuration for grub and that lives inside of Etsy default grub okay so if we edit enter this file the most important line for us is this grub command-line Linux now in the documentation for when you're using cryptography or encrypting your drive the arch wiki has a good snippet you can paste in I've also got it in my website for this step it will look something like this so basically what you're looking at here is we need to paste in the device UUID for the encrypted partition this can be something that screws people up we're not doing it to the mapped route we're not doing it to p5 we're not doing it to p2 the encrypted partition which is p6 so you might remember that block ID we copied earlier so I'll just go ahead and delete this for now so you UID equals and we're gonna use them there's a command called SP that you can use which will split and we're gonna go to TMP and then go to ID dot txt I'll set no RAF one more time for you and if we find p6 you now can see that this is the UUID of p6 so we need this UUID to be in this command line settings these are kernel parameters that were effectively sending in so with that pasted in we've now got the UUID being referenced and we've got root being set to what we'll eventually open up which is root dev mapper crypt root okay so let's get out of here for a moment and I'm just gonna make a mention of this you might also notice grub enable crypto disk you only need to set this setting if your boot partition is encrypted so the most common cases people will put boot and root together again I've tried to explain why I choose not to do that nonetheless if you did do that you need to uncomment this or else grub won't be able to unencrypted to access its own menu and you'll never actually get to the point that we're setting up here so I'll save this again not making a change to grub crypto disc and now we've got the grub config in place in the last kind of intense configuration setting we need to do is we need to make grub aware of one that there should be a menu option for Windows and two how to actually load windows itself so to do this if look inside of Etsy Grubb D in this folder there's a bunch of these kind of settings that you can put in and there's a forty custom where we can add our own menu items in here so if I run this command one more time I'm gonna do a vim and I'll go in and do 40 custom in here we can paste in whatever we want so what I'm gonna do I need to set paste in this terminal I'm gonna paste in something that comes from the arch wiki's recommendation again on my website - which is basically going to say here's a menu entry for Windows 10 here's a couple settings for what you would need to do to kind of load up that efi and then we're gonna change these pieces right here now the example that comes from the wiki assumes you want to boot into Windows which is sort of true for us but what you have to remember is we have this backed or I guess behind the veracrypt encrypted disk so we actually want to point to varrock rips efi directory okay so I'll show you first we'll just want to set up the chain loader as kind of the first step here now I'll show you what I mean by that so I'll just save this file we'll come back to it let's do an LS into mount boot you're sorry we're not we're not in the mountain where we're in the root filesystem so it should be boot efi so there's the efi directory so that's where the Microsoft example was starting and then if we do efi we can see we've got Microsoft in veracrypt now we know we want veracrypt so let's do that and in veracrypt you can see the dcs boot efi file that's what we want to reference so in short this is our file now I'm gonna explain in a moment why you only need the efi the uppercase efi part and on but let's go into the file first and we'll talk a bit about that so inside a chain loader I will pop that out and paste this in now what's going to end up happening is we're gonna have this menu item search for the UUID of the efi partition so do you remember where the efi partition is it's p2 right so if it knows to start at the efi partition this whole boot efi thing doesn't mean anything because boot efi is the root of the efi partition so if we delete the and put a forward slash this is where the chain loader needs to know to look we need to put in the FS ID I have a cool little grub probe command you can use to get this which is kind of neat obviously we'd want to change this to the whole veracrypt setup but reality is it's actually you don't really need a fancy command to figure this out we already know what all of our uu IDs are right so we need to put in here the the UUID for p2 that's it so remember that text file right we'll do another split will do temp and we'll do IDs text set no wrap one more time and then after doing set no wrap you can see inside of here p2 has this UUID that's it that's all we need to make sure the search works so we'll grab the p2 UUID we'll paste it in and now we've got the setup as is or as we need it to be so we'll save this and to kind of finalize all the changes we've made to grub we're just going to run two commands so I'll clear this out we're gonna run and grub install and grub install we'll assume that you have kind of a canonical efi location so it's assuming you can find EFS efi on boot efi if you did something special to your efi location you might need to pass the efi flag which will let you specify the location and then along with grub install we're gonna go ahead and run grub make config which the output file is going to be boot grub and a new file called grub dot CFG so that will set up the grub config make sure it points to the anit Ram FS as you can see inside of here and it's got everything we need with the linux image and the NIT ráma rám FS fallback image as well so so far we're looking pretty good ok now what do we need to do so there's a couple kind of extra steps that I like to do before I switch over into the system the first thing I'm gonna do is I'm going to install something called network manager now you can find tons of contentious debates about whether network manager is a super bloated network manager arguably it probably is I use it I think it works totally fine so if we do a quick pac-man we're gonna do our first pac-man and so all here so pac-man - yes we are going to install Network Manager network manager is a hundred megabytes and it's going to install a bunch of utilities that will let us connect to the internet when we reboot it will have things we need for Wi-Fi you can see WPA supplicant as a dependency which is going to do WPA negotiation it's all inside here all looking pretty good so network manager is now installed and then to make sure network manager works we're gonna do a systemctl enable network manager basically this is a way for you to say on boot-up I want Network manager to start and start managing my connections and interfaces and so on so with that when we reboot we should be pretty good from a network perspective now a couple more things that I like to set up before I reboot first I like to set the root password because it would suck to lock yourself out so we'll just put in an arbitrary root password here we'll also add a user in so you probably want to add yourself now I put myself in a group called wheel and put my name in as the user and then I do password for my name which allows me to put in a password for my specific user now when I log in is my user I obviously want sudo capability so I'm gonna run a command called VI sudo and VI sudo actually came in with that base develop a kid you might remember and in VI sudo there is a little line that basically if you uncomment it it's gonna say hey anyone in the wheel group is able to run any command as long as they can put their password in so it's another way of saying that I can use sudo as a wheel user alright and that's about it so now we've got a user we've got a base system we should be pretty good to try and reboot now I will say you want to exit out of arch to root right so you're gonna be back in the I so now and for safety purposes I'd highly recommend that you unmount everything in the mount directly so will you mount - arm mount and if we do LS VLK you can see that all of our partitions are still here but none of them are mounted now this is probably the most nerve-wracking part of doing an install actually rebooting and seeing if it works so that's what we're gonna do now we're gonna flip a reboot and I'm going to switch my screens over and let's see what happens so switch over to the your card here of the machine it is now rebooting and when we boot back up we should be able to tell whether we're in our system okay so that's good news first off we can see we've got our menu we've got Arch Linux we've got Windows 10 let's start let's start with a quick validation of Windows 10 I think that's probably the easier part so great Windows 10 just chained loaded over to veracrypt we can type in the password here and hit enter and if all goes well we'll UNCHR approve arrow crypt and then get into our Windows 10 installation which is exactly what we'd want so let's give it another moment here see how it goes okay we're seeing the little windows circle so far so good okay still a black screen come on windows there we go so now through grub we're able to open up Windows without any issue whatsoever that looks great now if this was normally a new install I'd probably give Windows it's like you know 10 hour period of doing updates that it usually needs to do but for now I'm not going to bore you with that and I'll just restart windows so that we can ideally get back to the grub menu and then try to boot up into Arch Linux instead so again given it a little bit of time we're booting up again and there's our grub menu very good so we'll click arch and if we could only be so lucky that this worked the first time so all right that's good news so what it's telling us here is hey I need a passphrase to unlock p6 which we know is our partition so I'm gonna go ahead and put in that passphrase and it will pull through and we're at the login which is great so we've got taco that's my host name sorry that the text is so small by the way there's not a whole lot important to see here but if I do Josh and I log in that all looks pretty good and now I should be set now by default I'm probably not connected to the internet but again remember we enabled that network manager thing so one thing that you can do and there's a ton of ways to this you can type in I know the text is tiny nm let's see is it MN tu i it's been a while since I've used this nmt UI - connect and we'll bring up a graphical interface that looks like this which then you can select your Wi-Fi network if you're not already on Ethernet you can type in your password here and hit OK and it will attempt to connect your machine to the Internet so I'll go ahead and quit now and if we clear out again you might not even be able to see this because the text is so tiny but it looks like I've got an IP and now I should be able to ping google.com that's it so you have a fully functioning Arch desktop and you have a fully functioning Windows desktop now all you've got to do to give yourself a desktop environment is head back to as you might remember that that package manager website right and figure out what package manager sorry not what package manager but what package you want so you could do like gnome it's a pretty heavyweight but capable desktop which would be in here somewhere so gnome let's see oh man there's all there's a bunch of sub pages too but there's gonna be one for like gnome desktop a lot of people really like I 3 which is another another desktop that you can use so I three window manager so all you've got to do to get a graphical environment is use pac-man and do pac-man asks and install the environment in fact the Machine you're seeing right here literally went through this exact same process the only additions that I haven't told you about is there's extra packages I install to do development work and then I also install a window manager in my case I use one called dwm to kind of set myself up so I'll make a separate video on how to kind of configure the desktop environment on top of arch linux just because it's a whole nother whole other can of worms but before I leave you I'm in case something went wrong with your install I want to show you how to get back in and troubleshoot the failure ok so let's say that hypothetically you booted up you know our seemed to go pretty well but you booted up in this case and you know something something went wrong that's not happening here maybe you realized like oh man I forgot to install network manager so that's actually a great example I forgot to install network manager and obviously I can't just run you know hack man install network manager because I don't have internet okay so to get back into the ISO and set ourselves back up all we've got to do here okay is we've got to start off by just typing in reboot and when it reboots we're gonna hit f12 in our system again which is going to hopefully bring us back to the boot menu the idea being we can always boot back into the USB Drive and this is why people usually keep their USB drives around okay we can boot back into the arch USB Drive it's gonna look quite similar to what it did before let's do the just so you can see it know mode set no sorry no mode set one word video equals nineteen twelve eighty by seven sixty let's say alright cool so what make sure the text is fairly big again and we're obviously not going to start from scratch and install everything because that would make this video very long and painful but we're gonna basically get ourselves back to that state we're in we're we're in the ISO but still mounted and using the arch the arch kind of install that we set up here so we'll give it just a moment it's gonna take a second to to boot up here okay so to get back in here and troubleshoot a failed install you pretty much just need to remember the steps we took when we did the install so obviously the first thing I'm gonna tell you as I always do is to start by listing the block devices and this will give you all of the block devices and discs and what we need to start off with is just like before opening p6 because unless we unlock that box we're not going to be able to do anything so we'll start off by running the same command which will be crypt setup lux open we're gonna point it at p6 okay and then we're going to arbitrarily mount this or not sorry cut mounted arbitrarily name this crypt root and then if we put in our password we've now opened up that box right so again we'll do an LS blk we can see crypt root is now available and just like before now we need to start off by mounting or remounting all of the files to the appropriate partition so we'll start by mounting the dev mapper for crypt root into the amount directory we don't need to make directory as this time because they all exist right so we just need to make sure we mount things appropriately so dev p5 is going to be the boot directory as you might remember this will be MNT this will be boot so that's mounted in and then lastly we're going to mount the efi which you know very well is p2 so p2 is going to go to mount boot efi okay so we'll clear this out and we'll do LSB LK for sanity check you probably notice that right column it looks familiar we've got everything mounted in the correct two locations and now you can pretty much start working on your system again in fact we can just run that same arch to route command on to mount and now you're back inside of your system so if you wanted to use you know from previous previous steps we would use like Wi-Fi menu before cheer routing you could use Wi-Fi menu get back on the Internet in fact let's let's literally do that I think that's a good example so if I do Wi-Fi menu here it's gonna scan for networks again and once it scans I will choose my network this and then I will go ahead and throw my password in here okay now that that's sorted I should be on the internet again so this ISO has internet connectivity using its built in Wi-Fi menu will to root in and you know hypothetically I know we said we forgot to install we forgot to install network manager which would be a much more you know reasonable kind of qualifier for why we'd be back in here messing with stuff but you know wow while this isn't really a realistic case let's say for some reason you really needed to install I don't know what the Python package is called hopefully it's just Python let's say Python so we can come in here and it'll be like alright cool so you want to install Python we'll hit yes and when we reboot into our system this will now be installed so again if you replace Python in your mind with something like network manager that lets you help get on the internet you might have forgotten that step come back in here install network manager and then on next reboot you'll be good to go so once you're done playing around again you want to exit out of the arch to route you still have things mounted so you always want to unmount the recursive flag on MNT and then you want to reboot your computer and once again when it reboots even though you've made some of those changes you're gonna be able to boot back up using grub you'll be able to choose Arch Linux or choose Windows accordingly we'll just make sure that that still comes up so there's arch and then we are pretty much good to go we log back in now Python will show up there and we're set so like I had mentioned I'll cover in a subsequent video how you set up the whole desktop environment I just don't want to muddy this up but I hope you found this really helpful I mean we did a lot in a short amount of time we installed Windows we configured it we encrypted it we then completely setup Linux fully encrypted it set up a base system and now we've got a system where when we power on we choose between Windows or Linux we boot one up and we're pretty much good to go so if you found this video helpful I'd super appreciate a like it just gives me a sense of like do you like seeing more of these Linux videos or more development oriented videos and so on and so forth but regardless of whether you like it I'm just stoked that you watched it so hopefully you found it helpful leave a comment below if you got any feedback or ideas for me that could make this install process a little bit easier thanks again and I'll see you in the next video

Info

Channel: octetz

Views: 9,753

Rating: 4.9438596 out of 5

Keywords: linux, arch linux, uefi, windows 10, installation, arch install guide, install guide, linux install, grub, luks, arch luks

Id: ybvwikNlx9I

Channel Id: undefined

Length: 52min 28sec (3148 seconds)

Published: Sun Feb 16 2020