Installing Arch Linux on a USB Drive · Btrfs + LUKS2

A concise, step‑by‑step guide to create a portable, encrypted Arch Linux on a USB drive.

Target: USB drive · FS: Btrfs · Encryption: LUKS2 · Boot: UEFI + BIOS

1 - Download & verify ISO

Download the latest ISO from archlinux.org. Verify it with the official checksum.

sha256sum archlinux-2025.05.01-x86_64.iso

Tip: Ensure the hash matches the one published on the website.
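Comparing the hash by script instead of by eye, as an added example that is not part of the original guide. It assumes sha256sums.txt and the detached .iso.sig file from the download page sit beside the ISO; the function names are illustrative.

```shell
# Added example (not from the original guide); function names are illustrative.

# iso_sha256_ok ISO SUMS: succeed only if SUMS lists ISO's exact file name
# and the listed SHA-256 equals the digest of the local file.
iso_sha256_ok() (
    iso=$1 sums=$2
    name=$(basename "$iso")
    # Match the file-name field exactly; sha256sum marks binary mode with '*'.
    want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    if [ -z "$want" ]; then
        echo "no entry for $name in $sums"; exit 1
    fi
    have=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$want" != "$have" ]; then
        echo "MISMATCH for $name: expected $want, got $have"; exit 1
    fi
    echo "checksum OK: $name"
)

# iso_signature_ok ISO: verify the detached signature ISO.sig with GnuPG.
# A checksum fetched from the same place as the ISO only detects corruption;
# the signature ties the file to the release signing key. Compare the key
# fingerprint gpg prints with the one listed on the download page.
iso_signature_ok() {
    gpg --keyserver-options auto-key-retrieve --verify "$1.sig" "$1"
}

# Usage:
#   iso_sha256_ok archlinux-2025.05.01-x86_64.iso sha256sums.txt &&
#       iso_signature_ok archlinux-2025.05.01-x86_64.iso
```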

2 - Create installer USB

On Linux, find your device with lsblk and write the ISO with dd. On Windows, use Rufus.

Linux

lsblk
sudo dd if=archlinux-2025.05.01-x86_64.iso of=/dev/sdX status=progress bs=4M conv=fsync

Replace /dev/sdX with your installer USB device.

Warning: Make sure that your USB drives do not contain any important data.

Windows

Use Rufus to write the ISO to your USB drive.

3 - Connect to the Internet

Now plug in both USBs — the media installer and the USB drive where we’ll install Arch Linux.

This next step is only necessary if you are using a Wi-Fi connection. If you are using Ethernet, you can skip it.

Let’s connect to the internet using iwctl:

  1. Detect any Wi-Fi adapters:

     iwctl device list

     You should see a wireless interface (e.g., wlan0 or similar).

  2. Scan for nearby networks:

     iwctl station wlan0 scan

  3. List available networks:

     iwctl station wlan0 get-networks

  4. Connect to your Wi-Fi:

     iwctl station wlan0 connect SSID

     Replace SSID with your Wi-Fi network name, press ENTER, and type your passphrase.

  5. Test your connection:

     ping -c3 archlinux.org

4 - Partition target USB

Create three partitions on the target USB:

#  Purpose      Size     Type / FS       Mount
1  BIOS boot    128 MiB  ext2            -
2  UEFI system  512 MiB  vfat (FAT32)    /boot
3  Root         Rest     LUKS2 → Btrfs   /

cfdisk /dev/sdY

Warning: Double‑check the target device (e.g. /dev/sdY) with lsblk to avoid wiping the wrong disk.
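A guard to run before cfdisk, cryptsetup or grub-install touch the target, as an added example that is not part of the original guide. The function name is illustrative; it relies only on lsblk's TYPE, TRAN and MOUNTPOINT columns.

```shell
# Added example (not from the original guide); usb_target_check is an
# illustrative name. With both sticks plugged in, the running installer
# medium typically shows a mount point, while the target should show none.

# usb_target_check DEV: succeed only if DEV is a whole disk, attached over
# USB, with no partition currently mounted.
usb_target_check() (
    dev=$1
    kind=$(lsblk -dnro TYPE "$dev" 2>/dev/null)
    tran=$(lsblk -dnro TRAN "$dev" 2>/dev/null)
    if [ "$kind" != disk ]; then
        echo "$dev: not a whole disk (TYPE='$kind'); pass /dev/sdY, not /dev/sdY1"
        exit 1
    fi
    if [ "$tran" != usb ]; then
        echo "$dev: transport is '$tran', not usb; this may be an internal drive"
        exit 1
    fi
    # Without -d, lsblk prints one line per partition; any non-empty line
    # means something on this disk is mounted.
    if lsblk -nro MOUNTPOINT "$dev" 2>/dev/null | grep -q .; then
        echo "$dev: has mounted partitions; it may be the installer medium"
        exit 1
    fi
    echo "$dev: unmounted USB disk"
)

# Usage: usb_target_check /dev/sdY && cfdisk /dev/sdY
```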

5 - Create Filesystems & Setup LUKS Encryption

Now that the partitions are ready, we need to format them with appropriate filesystems and optionally set up encryption for sensitive data.

mkfs.ext2 /dev/sdY1

Formats the first partition (/dev/sdY1) with the EXT2 filesystem.

mkfs.vfat -F32 /dev/sdY2

Formats the second partition (/dev/sdY2) as FAT32. This is typically used for EFI System Partitions.

cryptsetup luksFormat --type luks2 /dev/sdY3

Initializes LUKS2 encryption on the third partition (/dev/sdY3). Type YES in uppercase to confirm, then type a strong passphrase.

cryptsetup luksOpen /dev/sdY3 cryptroot

Opens the LUKS-encrypted partition and maps it to /dev/mapper/cryptroot, so you can interact with the partition as if it were unencrypted.

mkfs.btrfs /dev/mapper/cryptroot

Formats the decrypted partition with the Btrfs filesystem.

6 - Create Btrfs Subvolumes

Next, we set up Btrfs subvolumes to separate the root filesystem and user data and mount the filesystem.

mount /dev/mapper/cryptroot /mnt

Mounts the decrypted Btrfs partition to /mnt temporarily so we can create subvolumes.

btrfs subvolume create /mnt/@

Creates the root subvolume @. This will hold the main system files.

btrfs subvolume create /mnt/@home

Creates the home subvolume @home for user data. Keeping it separate makes snapshots safer and easier.

umount /mnt

Unmounts the partition to remount it with the subvolumes as the active filesystem roots.

mount -o relatime,compress=zstd:3,subvol=@ /dev/mapper/cryptroot /mnt

Remounts the root subvolume @ with options: relatime for efficient access times and compress=zstd:3 for transparent compression.

mkdir -vp /mnt/{boot,home}

Creates the /boot and /home directories inside /mnt to mount the corresponding partitions or subvolumes.

mount -o relatime,compress=zstd:3,subvol=@home /dev/mapper/cryptroot /mnt/home

Mounts the @home subvolume at /mnt/home with the same options as the root subvolume.

mount /dev/sdY2 /mnt/boot

Mounts the EFI system partition at /mnt/boot.

lsblk -pf /dev/sdY

Lists the partitions, filesystems, and mount points to verify everything is set up correctly.

7 - Install Base System

pacstrap -K /mnt linux-lts linux-firmware linux-lts-headers base base-devel nano \
		 btrfs-progs networkmanager grub efibootmgr dosfstools os-prober mtools \
		 bash-completion iwd usbutils intel-ucode amd-ucode

  • linux-lts – Long-Term Support kernel, stable and maintained for longer periods.
  • linux-firmware – Firmware files for various hardware devices.
  • linux-lts-headers – Kernel headers for building modules against the LTS kernel.
  • base – Essential packages for a minimal Arch Linux system.
  • base-devel – Development tools for compiling software (make, gcc, etc.).
  • nano – Simple terminal text editor.
  • btrfs-progs – Tools for managing Btrfs filesystems.
  • networkmanager – Network management daemon and CLI tools.
  • grub – Bootloader to start the OS.
  • efibootmgr – EFI boot manager to configure UEFI boot entries.
  • dosfstools – Tools for creating and checking FAT filesystems.
  • os-prober – Detects other OS installations for bootloader configuration.
  • mtools – Utilities to access FAT filesystems without mounting them.
  • bash-completion – Bash completions for core commands.
  • iwd – Wireless daemon for managing Wi-Fi connections.
  • usbutils – Utilities to list and query USB devices.
  • intel-ucode – Microcode updates for Intel CPUs.
  • amd-ucode – Microcode updates for AMD CPUs.

8 - Generate fstab

genfstab -U /mnt > /mnt/etc/fstab

genfstab – Generates the fstab file using UUIDs (-U) for all mounted partitions under /mnt, and writes it to /mnt/etc/fstab. This file tells the system which partitions to mount at boot.

9 - System Configuration

arch-chroot /mnt

Enters the new system environment at /mnt, so all following commands affect the installed system, not the live USB.

echo "zombie" > /etc/hostname

Sets the system name to zombie. Change it to your own hostname, which identifies your computer on networks.

ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime

Links your time zone file to /etc/localtime for correct system time. Replace Asia/Tokyo with your own time zone.

hwclock --systohc

hwclock – Writes the system time to the hardware clock so it stays accurate after reboots.

echo "en_US.UTF-8 UTF-8" | tee -a /etc/locale.gen

Enables the en_US.UTF-8 locale for system-wide use.

locale-gen

locale-gen – Generates the locale files specified in /etc/locale.gen.

echo "LANG=en_US.UTF-8" > /etc/locale.conf

Sets the default system language environment variable.

echo "KEYMAP=us" > /etc/vconsole.conf

Sets the console keymap. Replace us with your own keymap.

passwd

Prompts to set a strong password for the root account.

auser=yourusername

Defines the username you will create.

useradd -mG wheel "$auser"

Creates the user with a home directory and adds them to the wheel group for administrative privileges.

passwd "$auser"

Sets the password for your new user account.

EDITOR=nano visudo

Edits the sudoers file safely. This allows users in the wheel group to use sudo for administrative tasks. Uncomment the line at the bottom of the file by removing the # from: %wheel ALL=(ALL) ALL

10 - GRUB + Encryption

nano /etc/default/grub

nano – Opens the GRUB configuration file for editing. This file controls bootloader settings and kernel parameters.

GRUB_ENABLE_CRYPTODISK=y     # Uncomment the line by removing the hashtag (#), then save and exit the file

This enables GRUB to recognize LUKS-encrypted partitions at boot, allowing you to enter the passphrase early.

cryptsetup luksUUID /dev/sdY3

Outputs the unique identifier of your LUKS encrypted partition. It tells GRUB which partition to unlock.

UUID=$(cryptsetup luksUUID /dev/sdY3)
sed -i "s|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$UUID:root rootfstype=btrfs\"|" /etc/default/grub

This two-line command retrieves the LUKS UUID automatically and updates the GRUB configuration safely, avoiding manual copy/paste.

Warning: A single wrong character can make the system unbootable. Double‑check the UUID and syntax before updating GRUB.

11 - mkinitcpio

nano /etc/mkinitcpio.conf

nano – Opens the configuration file where you define which modules and hooks are included in the initramfs.

MODULES=(btrfs usb_storage usbhid xhci_pci ehci_pci)

Here, Btrfs support, USB storage, USB keyboard, and USB controllers are included for proper hardware initialization.

HOOKS=(base udev keyboard autodetect microcode modconf kms keymap consolefont block encrypt filesystems fsck)

HOOKS – Define the sequence of operations during boot. Important points:

  • keyboard before autodetect ensures the keyboard works for password entry.
  • encrypt before filesystems ensures encrypted volumes are unlocked before mounting.

mkinitcpio -P

Rebuilds all preset initramfs images using the updated configuration, so the system boots with proper modules and hooks.
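A pre-reboot check of the edits from steps 10 and 11, as an added example that is not part of the original guide. The function names are illustrative; the files are passed as arguments so the check can also be run against copies.

```shell
# Added example (not from the original guide); function names are illustrative.

# hook_index FILE HOOK: print HOOK's 1-based position in FILE's
# HOOKS=(...) line, or 0 if the hook is absent.
hook_index() (
    i=0
    for h in $(sed -n 's/^HOOKS=(\(.*\)).*/\1/p' "$1" | tail -n 1); do
        i=$((i + 1))
        if [ "$h" = "$2" ]; then echo "$i"; exit 0; fi
    done
    echo 0
)

# check_boot_config GRUB_DEFAULTS MKINITCPIO_CONF LUKS_UUID
# Prints every problem found and succeeds only when there is none.
check_boot_config() (
    grub=$1 conf=$2 uuid=$3 rc=0
    grep -q '^GRUB_ENABLE_CRYPTODISK=y' "$grub" ||
        { echo "GRUB_ENABLE_CRYPTODISK=y is missing or still commented out"; rc=1; }
    # cryptdevice= must carry the UUID of the LUKS partition itself.
    grep '^GRUB_CMDLINE_LINUX=' "$grub" | grep -qF "cryptdevice=UUID=$uuid:root" ||
        { echo "GRUB_CMDLINE_LINUX lacks cryptdevice=UUID=$uuid:root"; rc=1; }
    enc=$(hook_index "$conf" encrypt); fs=$(hook_index "$conf" filesystems)
    kb=$(hook_index "$conf" keyboard); ad=$(hook_index "$conf" autodetect)
    { [ "$enc" -gt 0 ] && [ "$enc" -lt "$fs" ]; } ||
        { echo "HOOKS: encrypt must be present and come before filesystems"; rc=1; }
    { [ "$kb" -gt 0 ] && [ "$kb" -lt "$ad" ]; } ||
        { echo "HOOKS: keyboard must be present and come before autodetect"; rc=1; }
    [ "$rc" -eq 0 ]
)

# Usage, inside the chroot:
#   check_boot_config /etc/default/grub /etc/mkinitcpio.conf \
#       "$(cryptsetup luksUUID /dev/sdY3)"
```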

12 - Install GRUB

UEFI

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB --removable --recheck

grub-install – Installs GRUB for UEFI systems.

  • --efi-directory=/boot specifies the EFI system partition.
  • --bootloader-id=GRUB names the boot entry.
  • --removable makes it bootable on removable media.
  • --recheck ensures device detection is refreshed.

Legacy BIOS

grub-install --target=i386-pc --boot-directory=/boot /dev/sdY

grub-install – Installs GRUB for BIOS systems.

  • --boot-directory=/boot specifies where GRUB files go.
  • Replace /dev/sdY with your actual target disk.

Warning: Make sure to install for both UEFI and Legacy modes to ensure the USB boots on both.

Generate GRUB configuration

grub-mkconfig -o /boot/grub/grub.cfg

grub-mkconfig – Automatically generates the GRUB configuration file, detecting all kernels and operating systems.

Warning: Make sure to replace sdY with your actual device. Installing GRUB to the wrong device can prevent your system from booting.

13 - Networking, Hosts, and DNS

systemctl enable systemd-networkd

systemd-networkd – Enables the systemd network service at boot, which manages network interfaces automatically.

systemctl enable systemd-resolved

Provides DNS resolution and caching for the system, required for hostname lookups and internet connectivity.

systemctl enable NetworkManager

NetworkManager – A higher-level tool to manage wired, wireless, and VPN connections with CLI or GUI tools.

host=$(cat /etc/hostname)
sh -c "printf '127.0.0.1   localhost\n::1   localhost\n127.0.1.1   $host.localdomain   $host\n' > /etc/hosts"

Maps hostnames to IP addresses locally. This ensures your system can resolve its own hostname and loopback addresses without querying DNS.

sh -c 'printf "nameserver 8.8.8.8\nnameserver 1.1.1.1\n" >> /etc/resolv.conf'

/etc/resolv.conf – Adds public DNS servers (Google and Cloudflare) for name resolution, so the system can resolve domain names on the internet.

14 - Desktop Environment (optional)

pacman -S xfce4 xfce4-goodies lightdm lightdm-gtk-greeter network-manager-applet \
	  bluez bluez-utils wget curl git xdg-utils gvfs openssh alsa-utils \
	  pipewire pipewire-pulse pavucontrol wireplumber unzip ntfs-3g rsync \
	  noto-fonts-emoji noto-fonts-cjk noto-fonts-extra chromium arch-install-scripts gparted

  • xfce4 – XFCE desktop environment.
  • xfce4-goodies – Additional XFCE plugins and tools.
  • lightdm – Display manager for graphical login.
  • lightdm-gtk-greeter – GTK-based login screen for LightDM.
  • network-manager-applet – GUI for managing network connections.
  • bluez – Bluetooth protocol stack.
  • bluez-utils – Bluetooth utilities for managing devices.
  • wget – Command-line file downloader.
  • curl – Command-line tool for transferring data with URLs.
  • git – Version control system.
  • xdg-utils – Desktop integration utilities.
  • gvfs – Virtual filesystem support for desktop apps.
  • openssh – SSH client and server.
  • alsa-utils – ALSA audio utilities.
  • pipewire – Multimedia server for audio/video.
  • pipewire-pulse – PulseAudio compatibility layer for PipeWire.
  • pavucontrol – GUI volume control for PulseAudio/PipeWire.
  • wireplumber – PipeWire session manager.
  • unzip – Extract ZIP archives.
  • ntfs-3g – NTFS filesystem support.
  • rsync – File synchronization tool.
  • noto-fonts-emoji, noto-fonts-cjk, noto-fonts-extra – Much-needed fonts to include extra characters for different languages.
  • chromium – Chromium web browser.
  • arch-install-scripts – Scripts to aid in installing Arch Linux on other systems.
  • gparted – A Partition Magic clone.

These packages install XFCE, essential utilities, audio/video support, network management, Bluetooth, and common CLI tools for daily usage.

systemctl enable lightdm

systemctl enable lightdm – Starts the display manager automatically at boot, providing a login screen.

systemctl enable bluetooth

systemctl enable bluetooth – Starts the Bluetooth service automatically at boot for device pairing and management.

15 - Finish

exit

exit – Leaves the chroot environment, returning to the live installer system.

umount -R /mnt

Recursively unmounts all partitions mounted under /mnt, ensuring no filesystems are left mounted before shutdown.

poweroff

Shuts down the installer system safely. After this, you can remove the installation media and boot your new system.

Warning: Remove the installer USB. Keep the target USB plugged in and boot from it. You should see the GRUB menu, then be prompted for your LUKS passphrase.

16 - Post Installation

Let's set up YAY, the AUR helper.

cd /tmp/ && git clone https://aur.archlinux.org/yay
cd yay/ && makepkg -si --noconfirm

And now you can just use yay instead of pacman.

yay -Syu
yay -S fastfetch
fastfetch

Et voilà! You now have a portable, encrypted Arch Linux on USB.