Setup Arch Linux on my new Acer Aspire V7 Nitro
Posted in linux on November 25, 2016 by Adrian Wyssmann ‐ 9 min read
I recently purchased a new notebook - an Acer Aspire V7 Nitro Black Edition with very nice specs for a very good price
- Model: VN7-792G-710p
- Processor: QuadCore i7-6700HQ 2.60 GHz
- Memory: 16GB DDR4
- Disk: 256 GB SSD + 2000 GB HDD (5400 RPM)
- Display: 17,3"; Active Matrix TFT Color LCD 1920 x 1080
- Dedicated Graphics: Nvidia® GeForce® GTX 960M 2GB VRAM
- Battery: 3-cell Lithium Polymer (Li-Polymer) 4780 mAh
- Physical Characteristics: 2.54cm x 42.4cm x 29.7″ (HxWxD), 3kg
- Drives: DVD Writer and SD Card reader
New notebook means fresh setup as I don’t use the pre-installed Windows 10 but rather Linux. My distro of choice is Arch Linux which is a great distro and most importantly for me, a rolling release distro, which means frequently updates of packages to have latest software.
Preparation
Before I can install Arch Linux I need a CD or a bootable USB with latest and greatest Arch Linux on it. I choose to create an bootable USB with latest ISO 2016.10.01 - I mean, who still burns CDs in these days? The notebook has an UEFI and implements Secure Boot, so the first thing I have to do is to disable Secure Boot, as otherwise the Computer would not let me boot from USB. This also indicates, I probably should provide a BIOS password, as otherwise anybody who has access to my PC can disable Secure Boot. Once done with the perparation steps I can boot into my live arch.
Installation - the Arch way
Installation of Arch is pretty straightforward by following the Installation Guide if you don’t need something “non-standard”. And here it got a bit tricky for me, especially when it comes to the partition of the disks. So my challenges are basically
- I want to use systemd-boot
- I want the have disk encryption on both disks (SDD and HDD)
- I don’t want to enter the encryption password twice on every startup for SSD and HDD
Sure all information can be found in the Arch Wiki but still, it needs a lot of context switching i.e. read different wiki articles. That’s why I want to explain my setup here.
First steps
First of all I need to change my keyboard layout, otherwise it will drive me nuts
Secondly I need a wifi connection, as I do not have a long enough cable from my router to my desk. So I use wifi-menu to connect to my wireless network. Once done I can ping archlinux.org successfully. Next think is to ensure the clock is accurate
Partition Setup
My computer comes with two disks, an SSD and a normal HDD. I plan to use the HDD for user data i.e. /home and SDD for all the rest (root, swap, …). Both disks shall be fully encrypted using LVM on LUKS therefore I choose to create the following partition setup:
Disk 1
/dev/sda2
will be encrypted with a password so when I boot-up it will ask me for a password. So first I format the partition
In this process I have to provide the password for encryption. After this, I open the container:
The decrypted container is now available at /dev/mapper/lvm
.
On top of the opened LUKS container I create a physical volume and I create a volume group named CryptVol
and add adding the previously created physical volume to it:
Inside of the volume group I create the logical volumes. On disk 1 I only have swap (32GB) and root:
After that the logial volumes are formated with a filesystem. I choose ext4 for my root partition:
Once this is done, I can mount the filesystems:
Disk 2
/dev/sdb1
will be encrypted with a keyfile which I first need to create a keyfile. I will use random characters:
After that I can format the disk with the key and open it
Now I can format and mount the partition
Boot Partition
In plan to use UEFI directly without an intermediate bootloader. Therefore I mount the efi partition /dev/sda1 directly to /boot
Fstab and Crypttab
I generate an fstab file by using UUID:
As I plan to use systemd-boot I will remove the entry for the root partition as this will be specified in the boot loader later on. So here is my modified fstab
As /dev/mapper/home is based on an encrypted partition I also need an appropriate crypttab so that the partition is decrypted upon boot
Install the base packages
Run the pacstrap script to install the base and gnome package groups:
Configure the system
Time setup and localization
To configure the system I haft to change root into the new system and setup time and timezone
Afterwards, I setup the localization. I setup my system using 3 different locales and therefor have the following/etc/locale.gen
Now I can create the localizations by running
My default language is English, so I set the LANG
variable in /etc/locale.conf
as follows:
In contrary to the keyboard layout which shall be Swiss German so I make the appropriate changes /etc/console.conf
:
Last steps are defining hostname
in /etc/hostname
and adding a matching entry to /etc/hosts
:
See also Network configuration#Set the hostname.
Root password and additional user
Set the root password:
Then I need at least a user as running the system with root is definitively not a good idea. The user shall be admin (i.e. in the wheel group) and as well to other groups:
A quick check in an TTY shall ensure that the login works.
Sudo
After adding the user, I will establish sudo and harden the system a bit. Therefore I have to install sudo via pacman and then modify the /etc/sudoers file with visudo. For now I just uncomment the following line:
Now that my user is setup, I can disable root user
Network configuration
I plan to use NetworkManager therefore I have to install additional packages …
… then enable the service
Boot Manager
I choose to use systemd-boot and not using any intermediate boot manager like GRUB. I’ve already booted in UEFI mode and mounted efi partition to /boot. The following command installs systemd-boot:
Once this is done I configure the boot loader entries in /boot/loader/loader.conf
and the /boot/loader/entries/arch.conf. Remember that I have setup disk with full encryption:
Remark: Unfortunately the above configuration does not w0rk, as my home partition is not decrypted. I solved this by providing some additional luks parameters, which is not nice and should not be required as the information is provided in fstab and crypttab and shall be decrypted automatically by the systemd-cryptsetup-generator. However, for now I am fine with that.
Initramfs
As I use systemd, lvm and disk encryption I have to modify /etc/mkinitcpio.conf as follows:
With this I can create the new initramfs
Power Management
For power management I choose to use TLP based on this Reddit thread. From the project page:
TLP brings you the benefits of advanced power management for Linux without the need to understand every technical detail. TLP comes with a default configuration already optimized for battery life, so you may just install and forget it. Nevertheless TLP is highly customizable to fulfill your specific requirements.
In order to do that, I have to install tlp, enable and start the service
Gnome
When using pacstrap I also installed Gnome environment. I want it started when I boot my computer, therefore gdm service needs to be enabled
Finishing and rebooting
Finally my system is installed and ready, so one has to exit chroot and then reboot the system:
Before I continue booting into the system I will enable Secure Boot again, which I have disabled in the beginning. Afterwards, the system boots up and asks me for the encryption password for my lvm volume. By providing the correct password my system boots up and shows me the Gnome Login Screen.
Post Installation
Now that my system is up and running I can move forward installing missing software and do the fine tuning of my system.