Setup Arch Linux on my new Acer Aspire V7 Nitro
Posted in linux on November 25, 2016 by Adrian Wyssmann ‐ 9 min read
I recently purchased a new notebook, an Acer Aspire V7 Nitro Black Edition, with very nice specs for a very good price:
- Model: VN7-792G-710p
- Processor: QuadCore i7-6700HQ 2.60 GHz
- Memory: 16GB DDR4
- Disk: 256 GB SSD + 2000 GB HDD (5400 RPM)
- Display: 17,3"; Active Matrix TFT Color LCD 1920 x 1080
- Dedicated Graphics: Nvidia® GeForce® GTX 960M 2GB VRAM
- Battery: 3-cell Lithium Polymer (Li-Polymer) 4780 mAh
- Physical Characteristics: 2.54cm x 42.4cm x 29.7″ (HxWxD), 3kg
- Drives: DVD Writer and SD Card reader
A new notebook means a fresh setup, as I don’t use the pre-installed Windows 10 but rather Linux. My distro of choice is Arch Linux, which is a great distro and, most importantly for me, a rolling release distro, which means frequent package updates to have the latest software.
Preparation
Before I can install Arch Linux I need a CD or a bootable USB with the latest and greatest Arch Linux on it. I choose to create a bootable USB with the latest ISO, 2016.10.01 - I mean, who still burns CDs these days? The notebook has UEFI and implements Secure Boot, so the first thing I have to do is disable Secure Boot, as otherwise the computer would not let me boot from USB. This also indicates that I should probably set a BIOS password, as otherwise anybody who has access to my PC can disable Secure Boot. Once done with the preparation steps I can boot into my live Arch.
Installation - the Arch way
Installation of Arch is pretty straightforward by following the Installation Guide if you don’t need something “non-standard”. And here it got a bit tricky for me, especially when it comes to partitioning the disks. So my challenges are basically:
- I want to use systemd-boot
- I want to have disk encryption on both disks (SSD and HDD)
- I don’t want to enter the encryption password twice on every startup for SSD and HDD
Sure all information can be found in the Arch Wiki but still, it needs a lot of context switching i.e. read different wiki articles. That’s why I want to explain my setup here.
First steps
First of all I need to change my keyboard layout, otherwise it will drive me nuts
[root ~]$ loadkeys de_CH-latin1
Secondly I need a wifi connection, as I do not have a long enough cable from my router to my desk. So I use wifi-menu to connect to my wireless network. Once done I can ping archlinux.org successfully. The next thing is to ensure the clock is accurate:
[root ~]$ timedatectl set-ntp true
Partition Setup
My computer comes with two disks, an SSD and a normal HDD. I plan to use the HDD for user data, i.e. /home, and the SSD for all the rest (root, swap, …). Both disks shall be fully encrypted using LVM on LUKS, therefore I choose to create the following partition setup:
Device Start End  Sectors Size Type
/dev/sda1 2048 206847 204800 100M EFI System
/dev/sda2 206848 500118158 499911311 238.4G Linux LVM
/dev/sdb1 2048 3907029134 3907027087 1.8T Linux LVM
+---------------+-----------------+-----------------+ +----------------------------+
|ESP partition: |Volume 1: |Volume 2: | | Volume 1: |
|/boot |root |swap | |home |
| |/dev/mapper/root |/dev/mapper/root | |/dev/mapper/home |
|/dev/sda1 +-----------------+-----------------+ +----------------------------+
|unencrypted |/dev/sda2 encrypted LVM on LUKS| | /dev/sdb1 encrypted LUKS |
+---------------+-----------------+-----------------+ +----------------------------+
Disk 1
/dev/sda2 will be encrypted with a password, so when I boot up it will ask me for a password. So first I format the partition:
[root ~]$ cryptsetup luksFormat /dev/sda2
In this process I have to provide the password for encryption. After this, I open the container:
[root ~]$ cryptsetup open --type luks /dev/sda2 lvm
The decrypted container is now available at /dev/mapper/lvm.
On top of the opened LUKS container I create a physical volume, then I create a volume group named CryptVol and add the previously created physical volume to it:
[root ~]$ pvcreate /dev/mapper/lvm
[root ~]$ vgcreate CryptVol /dev/mapper/lvm
Inside of the volume group I create the logical volumes. On disk 1 I only have swap (32GB) and root:
[root ~]$ lvcreate -L 32G CryptVol -n swap
[root ~]$ lvcreate -l 100%FREE CryptVol -n root
After that the logical volumes are formatted with a filesystem. I choose ext4 for my root partition:
[root ~]$ mkfs.ext4 /dev/mapper/CryptVol-root
[root ~]$ mkswap /dev/mapper/CryptVol-swap
Once this is done, I can mount the filesystems:
[root ~]$ mount /dev/mapper/CryptVol-root /mnt
[root ~]$ swapon /dev/mapper/CryptVol-swap
Disk 2
/dev/sdb1 will be encrypted with a keyfile, which I first need to create. I will use random characters:
[root ~]$ dd bs=512 count=4 if=/dev/urandom of=/etc/keyfile.enc iflag=fullblock
After that I can format the disk with the key and open it
[root ~]$ cryptsetup luksFormat /dev/sdb1 --key-file=/etc/keyfile.enc
[root ~]$ cryptsetup open --type luks /dev/sdb1 --key-file=/etc/keyfile.enc home
Now I can format and mount the partition
[root ~]$ mkfs.ext4 /dev/mapper/home
[root ~]$ mkdir /mnt/home
[root ~]$ mount /dev/mapper/home /mnt/home
Boot Partition
I plan to use UEFI directly without an intermediate bootloader. Therefore I mount the EFI partition /dev/sda1 directly to /boot:
[root ~]$ mount /dev/sda1 /mnt/boot
Fstab and Crypttab
I generate an fstab file by using UUID:
[root ~]$ genfstab -U /mnt >> /mnt/etc/fstab
As I plan to use systemd-boot I will remove the entry for the root partition as this will be specified in the boot loader later on. So here is my modified fstab
#
## /etc/fstab: static file system information
#
## <file system> <dir> <type> <options> <dump> <pass>
UUID=3E22-B7AB /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 2
## /dev/mapper/home
/dev/mapper/home /home ext4 rw,relatime,data=ordered 0 2
As /dev/mapper/home is based on an encrypted partition I also need an appropriate crypttab so that the partition is decrypted upon boot
## crypttab: mappings for encrypted partitions
#
## Each mapped device will be created in /dev/mapper, so your /etc/fstab
## should use the /dev/mapper/<name> paths for encrypted devices.
#
## The Arch specific syntax has been deprecated, see crypttab(5) for the
## new supported syntax.
## <name> <device> <password> <options>
home UUID=1d8820b3-346c-424c-aa56-c7a6c4874e86 /etc/keyfile.enc luks,timeout=15
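Because this crypttab entry lets anyone who can read /etc/keyfile.enc unlock the HDD, the keyfile's presence and permissions are worth checking before the first reboot. The following is an added example, not part of the original post: `audit_crypttab` is a hypothetical helper, the owner-only permission policy is an assumption, and the demo input is constructed.

```sh
#!/bin/sh
# audit_crypttab [ROOT]: for each /etc/crypttab entry under ROOT (e.g. /mnt
# during installation) that names a keyfile, check that the file exists and
# that group/other have no access to it. Prints one finding per line and
# returns 1 if there is any finding. Hypothetical helper; the owner-only
# policy is this example's assumption.
audit_crypttab() {
    root=${1:-}
    rc=0
    [ -r "$root/etc/crypttab" ] || { echo "no readable crypttab under ${root:-/}"; return 2; }
    while read -r name device keyfile options; do
        case "$name" in ''|'#'*) continue ;; esac              # blank line or comment
        case "$keyfile" in ''|none|-|/dev/*) continue ;; esac  # prompt or device key
        path="$root$keyfile"
        if [ ! -f "$path" ]; then
            echo "$name: keyfile $keyfile missing"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")                           # GNU stat, octal mode
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$name: keyfile $keyfile has mode $mode, group/other must have no access"
            rc=1
        fi
    done < "$root/etc/crypttab"
    return "$rc"
}

# Constructed demo: a throwaway root holding the crypttab line from above and
# a deliberately world-readable keyfile.
demo=$(mktemp -d) && mkdir -p "$demo/etc"
echo 'home UUID=1d8820b3-346c-424c-aa56-c7a6c4874e86 /etc/keyfile.enc luks,timeout=15' > "$demo/etc/crypttab"
dd bs=512 count=4 if=/dev/urandom of="$demo/etc/keyfile.enc" 2>/dev/null
chmod 644 "$demo/etc/keyfile.enc"
audit_crypttab "$demo" || echo "fix with: chmod 600 /etc/keyfile.enc"
rm -rf "$demo"
```

Run as `audit_crypttab /mnt` from the live environment: a keyfile that only exists in the live system's /etc is reported as missing until it has been copied into the new root.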
Install the base packages
Run the pacstrap script to install the base and gnome package groups:
[root ~]$ pacstrap /mnt base gnome gnome-extra
Configure the system
Time setup and localization
To configure the system I have to change root into the new system and set up time and timezone:
[root ~]$ arch-chroot /mnt
[root@chroot ~]$ ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime
[root@chroot ~]$ hwclock --systohc
Afterwards, I set up the localization. I set up my system using 3 different locales and therefore have the following /etc/locale.gen:
es_AR.UTF-8 UTF-8
en_US.UTF-8 UTF-8
de_CH.UTF-8 UTF-8
Now I can create the localizations by running
[root@chroot ~]$ locale-gen
My default language is English, so I set the LANG variable in /etc/locale.conf as follows:
LANG=en_US.UTF-8
In contrast, the keyboard layout shall be Swiss German, so I make the appropriate change in /etc/vconsole.conf:
KEYMAP=de_CH-latin1
The last steps are defining the hostname in /etc/hostname and adding a matching entry to /etc/hosts:
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
127.0.1.1 archlinux.localdomain archlinux
See also Network configuration#Set the hostname.
Root password and additional user
Set the root password:
[root@chroot ~]$ passwd
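Then I need at least one user, as running the system as root is definitely not a good idea. The user shall be an admin (i.e. in the wheel group) and a member of some other groups as well. The password is set separately with passwd, since useradd -p expects an already hashed password and exposes its argument in the process list:
[root@chroot ~]$ useradd -m -G wheel,gdm,rfkill,sys,log,http adrian
[root@chroot ~]$ passwd adrian
A quick check in a TTY shall ensure that the login works.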
Sudo
After adding the user, I will establish sudo and harden the system a bit. Therefore I have to install sudo via pacman and then modify the /etc/sudoers file with visudo. For now I just uncomment the following line:
%wheel ALL=(ALL) ALL
Now that my user is set up, I can disable the root user:
[root@chroot ~]$ passwd -l root
Network configuration
I plan to use NetworkManager therefore I have to install additional packages …
[root@chroot ~]$ pacman -S networkmanager network-manager-applet
… then enable the service
[root@chroot ~]$ systemctl enable NetworkManager
...
[root@chroot ~]$ systemctl start NetworkManager
Boot Manager
I choose to use systemd-boot and not any intermediate boot manager like GRUB. I’ve already booted in UEFI mode and mounted the EFI partition to /boot. The following command installs systemd-boot:
[root@chroot ~]$ bootctl install
Once this is done I configure the boot loader in /boot/loader/loader.conf:
default arch
timeout 4
editor 0
and the /boot/loader/entries/arch.conf. Remember that I have setup disk with full encryption:
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options luks.uuid=556bf1e4-3730-4da3-8688-0f3c468bf5bb resume=/dev/mapper/CryptVol-swap root=/dev/mapper/CryptVol-root rw
Remark: Unfortunately the above configuration does not work, as my home partition is not decrypted. I solved this by providing some additional luks parameters, which is not nice and should not be required as the information is provided in fstab and crypttab and shall be decrypted automatically by the systemd-cryptsetup-generator. However, for now I am fine with that.
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options luks.uuid=556bf1e4-3730-4da3-8688-0f3c468bf5bb luks.uuid=1d8820b3-346c-424c-aa56-c7a6c4874e86 luks.key=/etc/keyfile.enc resume=/dev/mapper/CryptVol-swap root=/dev/mapper/CryptVol-root rw
Initramfs
As I use systemd, LVM and disk encryption I have to modify /etc/mkinitcpio.conf as follows:
HOOKS="base systemd autodetect modconf block sd-encrypt sd-lvm2 filesystems keyboard fsck"
With this I can create the new initramfs:
[root@chroot ~]$ mkinitcpio -p linux
Power Management
For power management I choose to use TLP based on this Reddit thread. From the project page:
TLP brings you the benefits of advanced power management for Linux without the need to understand every technical detail. TLP comes with a default configuration already optimized for battery life, so you may just install and forget it. Nevertheless TLP is highly customizable to fulfill your specific requirements.
In order to do that, I have to install tlp, then enable and start the service:
[root@chroot ~]$ pacman -S tlp smartmontools lm_sensors
...
[root@chroot ~]$ sudo systemctl enable tlp
...
[root@chroot ~]$ sudo systemctl start tlp
Gnome
When using pacstrap I also installed the Gnome environment. I want it started when I boot my computer, therefore the gdm service needs to be enabled:
[root@chroot ~]$ sudo systemctl enable gdm
...
Finishing and rebooting
Finally my system is installed and ready, so one has to exit chroot and then reboot the system:
[root@chroot ~]$ exit
[root ~]$ umount -R /mnt
[root ~]$ reboot
Before I continue booting into the system I will enable Secure Boot again, which I have disabled in the beginning. Afterwards, the system boots up and asks me for the encryption password for my lvm volume. By providing the correct password my system boots up and shows me the Gnome Login Screen.
Post Installation
Now that my system is up and running I can move forward installing missing software and do the fine tuning of my system.