Every time I start installing Arch Linux, it’s like a new journey: it seems like nothing much has changed over the years, but every time something new happens.
I’ve written about this a lot, and it’s time to write about it again because I bought a new laptop.
At first, I was too lazy to do everything by hand, so I decided to try ready-made images. I even tried Fedora, because it’s easy to install and everything is included, but no, not for me, because I really missed the Pacman/AUR repositories, and I was constantly messing with upgrades by getting messages that “your system is no longer supported, upgrade to 42”.
So I decided to return to Arch Linux, which I have been using since 2016.
The first thing I tried was EndeavourOS – it’s very good, actually. I installed it with KDE, and everything “just works” – without any additional movements. It comes with all the batteries included, and a customized environment to choose from – KDE/Gnome/LXDE/etc.
But then I kind of missed the Openbox WM and its minimalism, so decided to switch back to it.
Similarly, at first, I decided not to waste time and just look for ready-made solutions. And there are, for example, the Archcraft. Everything is also prepared, the guy has done everything very nicely – the GRUB screen, and all kinds of Openbox/Fluxbox/Hyprland tuning – a lot of things, for any taste.
I set it up, played with it, but still wanted to have something “my own”, because I want to know my system – where, what, how, and why it was made. So I took a clean Arch Linux ISO, created a bootable USB drive, and installed everything from scratch.
So today, we will go through the process of partitioning the disk and installing a clean system since. The laptop is planned for work. Thus, I will do it with the LUKS encryption for disks.
Contents
Starting the installation, WiFi
Create a flash drive with the Arch Linux ISO, reboot the machine from it, and set up WiFi. I do this more for myself, because then it’s easier to connect from another computer via SSH, and do everything in a full-fledged environment where I copy commands/results to the RTFM blog, to this post.
We already have iwctl in the image, let’s run it:
# iwctl
Find the available networks:
[iwd]# station wlan0 get-networks
Connect (iwctl supports TAB substitution, so you don’t have to type everything by hand):
[iwd]# station wlan0 connect setevoy-tplink-5 Passphrase:*******
Check the status – the State should be Connected:
[iwd]# station wlan0 show
We exit by Ctrl+D, and can ping some Google to check.
Find the IP:
# ip a s wlan0
Set the root password :
# passwd root
And connect to this machine from another computer:
$ ssh [email protected]
archinstall vs manual installation
Once upon a time, Arch Linux added the archinstall script to simplify the process. But I haven’t made friends with it – the disk partitioning is not very convenient, nor is the installation of packages.
So we’ll do it the old school way, manually.
By the way, I don’t remember if archinstall supports encryption.
Preparation: disks
Choosing a layout – LVM, partitions
I used to work with LVM + LUKS, and in LVM there are separate groups for / and /home.
Having separate partitions seems to be more convenient, because you have better control over the free space, and you can reinstall the system without losing data in the home directories, plus all kinds of user settings. And if you also have LVM, you can easily resize partitions and make snapshots for backups.
But for the years I’ve had this scheme on my work laptop (~5 years now), I’ve never used these features.
So this time I decided to do both / and /home on one large partition, and without LVM – a little easier setup, easier debugging in case of problems when you need to boot from a flash drive and rebuild the kernel.
- I wrote about installing purely with LVM here – Arch: installing with LVM (rus) and here Arch: installing with LVM + Openbox + Tint2 (2016) (rus)
- a little more about LVM and partitions – in Arch: installing on top of Ubuntu while keeping home in LVM (2017) (rus)
- about LVM + LUKS – here Arch Linux: installing with LVM and LUKS disk encryption (2018) (rus)
- similarly, but for the first time with GPT instead of MBR – described here: Arch Linux: installing with UEFI, GPT, LVM and LUKS encryption (2018) (rus)
- I wrote about dual boot with Windows here – Arch Linux: installing with EFI and dual-boot with Windows (2019) (eng)
So, we’ll do it without LVM, but with LUKS, and the system and $HOME on the same partition.
Disk partitioning with fdisk
Again, it’s a matter of habit, but I’ve been using fdisk for a long time, so we’ll go with it.
Let’s check the devices:
[root@archiso ~]# fdisk -l Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors Disk model: Samsung SSD 850 ... Disklabel type: gpt ... Device Start End Sectors Size Type /dev/sda1 4096 4198399 4194304 2G EFI System /dev/sda2 4198400 416672903 412474504 196.7G Linux filesystem /dev/sda3 416672904 488397101 71724198 34.2G Linux swap Disk /dev/sdb: 28.91 GiB, 31037849600 bytes, 60620800 sectors Disk model: DataTraveler 2.0 ... Device Boot Start End Sectors Size Id Type /dev/sdb1 * 64 2074623 2074560 1013M 0 Empty /dev/sdb2 2074624 2428927 354304 173M ef EFI (FAT-12/16/32) ...
Here:
/dev/sdb: USB with Arch Linux ISO, 30 gigabytes/dev/sda: the main disk, the laptop’s SSD, 250 gigabytes
The SSD now has partitions and data from EndeavourOS, so let’s delete everything and start from scratch.
Start fdisk on sda:
root@archiso ~ # fdisk /dev/sda ... Command (m for help):
Let’s double-check that this is the right disk – “Samsung SSD, 250 gig“:
... Command (m for help): p Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors Disk model: Samsung SSD 850 ...
Important: next, we are going to delete ALL data from the disk! Make sure you made a backup.
Delete all partitions:
Command (m for help): d Partition number (1-3, default 3): Partition 3 has been deleted. Command (m for help): d Partition number (1,2, default 2): Partition 2 has been deleted. Command (m for help): d Selected partition 1 Partition 1 has been deleted
Save the changes:
Command (m for help): w The partition table has been altered. Calling ioctl() to re-read partition table. Synchronizing disks.
Run fdisk one more time:
root@archiso ~ # fdisk /dev/sda
Let’s check what’s on the disk now – nothing:
Command (m for help): p Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors Disk model: Samsung SSD 850 ... Disklabel type: gpt Disk identifier: 51B93327-8CC4-4D94-9243-67A797A845B2
Let’s start creating new partitions.
We need four of them:
- for EFI
- a separate partition for
/boot– because you need to loadinitramfsto the RAM from somewhere before you can decrypt the disk - for Swap
- and a partition for the system itself and
/home
The order of creation is not that important, because modern systems and kernels will find everything themselves, but it is better to stick to the standard approach:
- EFI first, because that’s where our bootloader is located (the efi-file will be searched there)
- then
/boot– there is a kernel for booting and the rest of the GRUB files - then Swap – because “historically” since the days of mechanical HDDs, where the first partitions (closer to the edge of the disk) were read faster
- and then the main partition under
/and/home
Create the first partition, for EFI, 512 megabytes:
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-2000409230, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-2000409230, default 2000408575): +512M
Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.
Partition #1 contains a vfat signature.
Do you want to remove the signature? [Y]es/[N]o: Y
The signature will be removed by a write command.
Now you need to specify the type of partition, EFI – t (type):
Command (m for help): t
Find all with the L:
Partition type or alias (type L to list all): L 1 EFI System C12A7328-F81F-11D2-BA4B-00A0C93EC93B 2 MBR partition scheme 024DEE41-33E7-11D3-9D69-0008C781F39F ...
Set the value to “1”:
Partition type or alias (type L to list all): 1 Changed type of partition 'Linux filesystem' to 'EFI System'.
Create a second partition, for the /boot where initramfs and the system kernel will be located.
512 megabytes should be enough for everything – vmlinuz-linux is about 10 megabytes, initramfs-linux.img is another 20-30, and a fallback image is a bit larger.
For example, my another laptop with Arch Linux:
$ ls -lh /boot/ total 67M drwxr-xr-x 3 root root 4.0K Jan 1 1970 EFI drwxr-xr-x 6 root root 4.0K Dec 7 2020 grub -rw------- 1 root root 39M May 2 16:44 initramfs-linux-fallback.img -rw------- 1 root root 14M May 2 16:44 initramfs-linux.img drwx------ 2 root root 16K Dec 7 2020 lost+found -rw-r--r-- 1 root root 15M May 2 16:44 vmlinuz-linux
So, add a new partition:
...
Command (m for help): n
Partition number (2-128, default 2):
First sector (1050624-488397134, default 1050624):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (1050624-488397134, default 488396799): +512M
Created a new partition 2 of type 'Linux filesystem' and of size 512 MiB.
...
Next, we need to add a Swap partition.
Previously, we used to do x2 of the available RAM. Now, if hibernate is going to be used, we make the size of the RAM + a couple of gigabytes in reserve.
This laptop has 32 gigabytes, so let’s make it 34 for the Swap:
...
Command (m for help): n
Partition number (3-128, default 3):
First sector (2099200-488397134, default 2099200):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2099200-488397134, default 488396799): +34G
Created a new partition 3 of type 'Linux filesystem' and of size 34 GiB.
...
Find the type of Linux swap – again with L:
... Partition number (1-3, default 3): L ... 19 Linux swap ...
Set the type with the t:
... Partition number (1-3, default 3): Partition type or alias (type L to list all): 19 Changed type of partition 'Linux filesystem' to 'Linux swap'. ...
And the last one is the partition for the system itself, all the remaining space (just press Enter):
...
Command (m for help): n
Partition number (4-128, default 4):
First sector (73402368-488397134, default 73402368):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (73402368-488397134, default 488396799):
Created a new partition 4 of type 'Linux filesystem' and of size 197.9 GiB.
...
Let’s check what we did with p:
... Command (m for help): p Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors Disk model: Samsung SSD 850 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: BE8FEE73-C9BB-4959-A258-12A3FCF906FF Device Start End Sectors Size Type /dev/sda1 2048 1050623 1048576 512M EFI System /dev/sda2 1050624 2099199 1048576 512M Linux filesystem /dev/sda3 2099200 73402367 71303168 34G Linux swap /dev/sda4 73402368 488396799 414994432 197.9G Linux filesystem ...
Write the changes:
... Command (m for help): w The partition table has been altered. Calling ioctl() to re-read partition table. Syncing disks
Encryption with LUKS
Let’s see what we have with the partitions now:
[root@archiso ~]# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS loop0 7:0 0 846.7M 1 loop /run/archiso/airootfs sda 8:0 0 232.9G 0 disk ├─sda1 8:1 0 512M 0 part ├─sda2 8:2 0 512M 0 part ├─sda3 8:3 0 34G 0 part └─sda4 8:4 0 197.9G 0 part sdb 8:16 1 28.9G 0 disk ├─sdb1 8:17 1 1013M 0 part └─sdb2 8:18 1 173M 0 part sdc 8:32 1 0B 0 disk
4 new partitions on /dev/sda, of which /dev/sda4 is a root partition for the system, and we will encrypt it.
We use the latest standard, luks2, and add the '-y‘ to prompt for password confirmation:
[root@archiso ~]# cryptsetup -y luksFormat --type luks2 /dev/sda4 WARNING! ======== This will overwrite data on /dev/sda4 irrevocably. Are you sure? (Type 'yes' in capital letters): YES Enter passphrase for /dev/sda4: Verify passphrase:
That’s it – the data is already encrypted.
Now, to install the system, we need to decrypt the disk with the same cryptsetup command:
[root@archiso ~]# cryptsetup open /dev/sda4 cryptroot Enter passphrase for /dev/sda4:
Now there should be a new partition in /dev/mapper that cryptsetup creates when it decrypts the disk, and it’s actually just a symlink to the physical partition:
[root@archiso ~]# ls -l /dev/mapper/cryptroot lrwxrwxrwx 1 root root 7 May 26 12:06 /dev/mapper/cryptroot -> ../dm-0
Creating file systems
What kind of file systems do we need:
- EFI:
Fat32 /and/boot:ext4(old and proven, never used any btrfs, although it might be worth a try)- Swap: leave it as it is, but run
mkswap(set the headerLINUX_SWAP), and later doswapon
Create a file system on the main partition, /dev/sda4 (or /dev/mapper/cryptroot):
[root@archiso ~]# mkfs.ext4 /dev/mapper/cryptroot mke2fs 1.47.2 (1-Jan-2025) Creating filesystem with 51870208 4k blocks and 12967936 inodes Filesystem UUID: 6bbbd1c2-7396-4d23-91eb-4188079e6df8 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000, 7962624, 11239424, 20480000, 23887872 Allocating group tables: done Writing inode tables: done Creating journal (262144 blocks): done Writing superblocks and filesystem accounting information: done
Similarly for the /boot, but here through /dev/sda2:
root@archiso ~ # mkfs.ext4 /dev/nvme0n1p2
Now Fat32 for the EFI, /dev/sda1:
[root@archiso ~]# mkfs.fat -F32 /dev/sda1 mkfs.fat 4.2 (2021-01-31)
And Swap:
[root@archiso ~]# mkswap /dev/sda3 Setting up swapspace version 1, size = 34 GiB (36507217920 bytes) no label, UUID=9132a23f-bb87-43d1-9ac5-33b75bf17f35
Check:
[root@archiso ~]# fdisk -l /dev/sda Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors Disk model: Samsung SSD 850 ... Device Start End Sectors Size Type /dev/sda1 2048 1050623 1048576 512M EFI System /dev/sda2 1050624 2099199 1048576 512M Linux filesystem /dev/sda3 2099200 73402367 71303168 34G Linux swap /dev/sda4 73402368 488396799 414994432 197.9G Linux filesystem
Okay, let’s move on.
Mounting partitions
Mount the partitions:
sda4, root partition: to/mntsda2, boot: to/mnt/bootsda1, EFI: to/mnt/boot/efi- and run
swaponon the/dev/sda3
Run:
[root@archiso ~]# mount /dev/mapper/cryptroot /mnt [root@archiso ~]# mkdir /mnt/boot [root@archiso ~]# mount /dev/sda2 /mnt/boot [root@archiso ~]# mkdir /mnt/boot/efi [root@archiso ~]# mount /dev/sda1 /mnt/boot/efi [root@archiso ~]# swapon /dev/sda3
Check swap:
[root@archiso ~]# swapon --show NAME TYPE SIZE USED PRIO /dev/sda3 partition 34G 0B -2
And the rest of the partitions:
[root@archiso ~]# lsblk /dev/sda NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 232.9G 0 disk ├─sda1 8:1 0 512M 0 part /mnt/boot/efi ├─sda2 8:2 0 512M 0 part /mnt/boot ├─sda3 8:3 0 34G 0 part [SWAP] └─sda4 8:4 0 197.9G 0 part └─cryptroot 253:0 0 197.9G 0 crypt /mnt
Installing the system
Install the necessary packages from pacstrap.
It’s better to add everything for Wi-Fi now, including dhcpd, so that you don’t have issues with the connection, and may install openssh any other necessary software:
[root@archiso ~]# lsblk /dev/sda NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sda 8:0 0 232.9G 0 disk ├─sda1 8:1 0 512M 0 part /mnt/boot/efi ├─sda2 8:2 0 512M 0 part /mnt/boot ├─sda3 8:3 0 34G 0 part [SWAP] └─sda4 8:4 0 197.9G 0 part └─cryptroot 253:0 0 197.9G 0 crypt /mnt
Iris Xe Graphics
My new laptop (Lenovo ThinkPad T14 Gen 5) has an Iris Xe Graphics card, and it took some dancing, because the first attempts to launch Archcraft resulted in a black screen.
The solution was to add the nomodeset to the kernel load.
Install additional packages:
root@archiso ~ # pacstrap -K /mnt mesa vulkan-intel intel-media-driver libva libva-utils
Switch to the new system with arch-chroot, and if exist, remove the xf86-video-intel:
[root@archiso /]# pacman -Rns xf86-video-intel error: target not found: xf86-video-intel
Exit the chroot environment and move on.
Creating the fstab
Generate /etc/fstab with partitions:
[root@archiso ~]# genfstab -U /mnt >> /mnt/etc/fstab
Check:
[root@archiso ~]# cat /mnt/etc/fstab # Static information about the filesystems. # See fstab(5) for details. # <file system> <dir> <type> <options> <dump> <pass> # /dev/mapper/cryptroot UUID=6bbbd1c2-7396-4d23-91eb-4188079e6df8 / ext4 rw,relatime 0 1 # /dev/sda2 UUID=93dade4c-1579-4256-8491-4e560fc563c4 /boot ext4 rw,relatime 0 2 # /dev/sda1 UUID=BBE3-903E /boot/efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2 # /dev/sda3 UUID=9132a23f-bb87-43d1-9ac5-33b75bf17f35 none swap defaults 0 0
Everything looks like it’s OK.
Building the kernel with the mkinitcpio
Since we are using LUKS, we need to add an action (actually, the “hook”) encrypt so that the kernel decrypts the partition at the system startup.
The keyboard and keymap should already be there, but it’s better to check – they are used to enter the password for decryption.
Edit the file /mnt/etc/mkinitcpio.conf (/mnt! – or do chroot), find the line with HOOKS:
... HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems fsck) ...
Add encrypt after block and before filesystems – the order is important:
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt resume filesystems fsck)
(if we use hibernation, we add resume before filesystem )
Why the order is important:
block– finds disksencrypt– decrypts a partitionfilesystems– mounts partitions
If there is no encrypt hook, initramfs will not ask for a password and will not be able to mount the partition.
Note: by the way, here’s an important nuance: if we don’t encrypt Swap, and a laptop that was in hibernation is stolen, they can get all the information that was in the memory.
Therefore, if you do everything securely, then Swap should also be encrypted. Or use a swapfile on a root partition that is encrypted.
Run arch-chroot:
[root@archiso ~]# arch-chroot /mnt/
Build the kernel:
[root@archiso /]# mkinitcpio -P ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default' ==> Using default configuration file: '/etc/mkinitcpio.conf' -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux.img ... -> Running build hook: [encrypt] -> Running build hook: [resume] -> Running build hook: [filesystems] -> Running build hook: [fsck] ==> Generating module dependencies ==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux-fallback.img' -> Early uncompressed CPIO image generation successful ==> Initcpio image generation successful
GRUB
Since we have an encrypted partition, we need to specify it in GRUB so that it tells the kernel to perform decryption.
This can be done with the modern /etc/crypttab, or “the old school way” – with the GRUB_CMDLINE_LINUX.
I didn’t use crypttab, and I don’t have any additional partitions, so GRUB_CMDLINE_LINUX will be enough.
Add three more packages – the grub itself, efibootmgr (although we already installed it), and intel-ucode to have the latest updates for the CPU (this is, of course, if you have an Intel CPU, not an AMD one).
You can check it like this:
[root@archiso /]# lscpu | grep 'Vendor' Vendor ID: GenuineInte
If you have AMD, then use the amd-ucode package.
Install it:
[root@archiso /]# pacman -S grub efibootmgr intel-ucode
Install GRUB itself to the EFI partition /boot/efi:
[root@archiso /]# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB Installing for x86_64-efi platform. Installation finished. No error reported
Adding a cryptdevice
Find the UUID of the encrypted partition:
[root@archiso /]# blkid | grep LUKS /dev/sda4: UUID="738d2f9b-7ffa-4d4e-93be-e00af0a64d5b" TYPE="crypto_LUKS" PARTUUID="32835823-6901-4bbf-9520-1876e64ba109"
(I made a mistake here – took the wrong UUID, and the system did not boot, see at the end)
Edit the /etc/default/grub, find the line GRUB_CMDLINE_LINUX="", and add the cryptdevice parameter:
... GRUB_CMDLINE_LINUX="cryptdevice=UUID=738d2f9b-7ffa-4d4e-93be-e00af0a64d5b:cryptroot root=/dev/mapper/cryptroot" ...
Adding a resume
If we plan to use hibernate, the kernel needs to be told which partition to read data from.
Find the UUID of the Swap partition:
[root@archiso /]# blkid | grep swap /dev/sda3: UUID="9132a23f-bb87-43d1-9ac5-33b75bf17f35" TYPE="swap" PARTUUID="d7d38c7c-b8c6-49d5-81c3-0ef34cbd7d52"
Add resume=UUID=9132a23f-bb87-43d1-9ac5-33b75bf17f35 to the GRUB_CMDLINE_LINUX:
Generate the config for GRUB:
[root@archiso /]# grub-mkconfig -o /boot/grub/grub.cfg Generating grub configuration file ... Found linux image: /boot/vmlinuz-linux Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux.img Found fallback initrd image(s) in /boot: intel-ucode.img initramfs-linux-fallback.img Warning: os-prober will not be executed to detect other bootable partitions. Systems on them will not be added to the GRUB boot configuration. Check GRUB_DISABLE_OS_PROBER documentation entry. Adding boot menu entry for UEFI Firmware Settings ... done
All done.
Root password
Let’s set the root password to log in to the new system:
[root@archiso /]# passwd root New password: Retype new password: passwd: password updated successfully
Exit chroot and reboot:
[root@archiso /]# exit root@archiso ~ # reboot
That’s it.
Problems: “Failed to mount <device> on real root”
It didn’t work on the first try 🙂
Although before that, I setup on a new laptop and everything went fine.
Now I have an error:
ERROR: device '/dev/mapper/cryptroot' not found ... Failed to mount '/dev/mapper/cryptroot' on real root
Well, let’s look into it.
initramfs couldn’t decrypt the disk, so cryptroot didn’t start, and the kernel didn’t know where to look for the root file system.
Boot from the flash drive, mount the disks:
[root@archiso ~]# cryptsetup open /dev/sda4 cryptroot Enter passphrase for /dev/sda4: [root@archiso ~]# mount /dev/mapper/cryptroot /mnt [root@archiso ~]# mount /dev/sda2 /mnt/boot [root@archiso ~]# mount /dev/sda1 /mnt/boot/efi [root@archiso ~]# swapon /dev/sda3
Enter chroot:
[root@archiso ~]# arch-chroot /mnt/ [root@archiso /]#
Check HOOKS
Check the configuration for the kernel:
[root@archiso /]# cat /etc/mkinitcpio.conf | grep HOOKS | tail -1 HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt resume filesystems fsck)
Everything seems to be correct.
Just in case – you can build the kernel again with mkinitcpio -P.
Check kernel modules
With lsinitcpio, let’s check that the kernel has the cryptsetup and crypttab modules:
[root@archiso /]# lsinitcpio /boot/initramfs-linux.img | grep 'cryptsetup\|crypttab' usr/bin/cryptsetup usr/lib/libcryptsetup.so.12 usr/lib/libcryptsetup.so.12.10.0
Everything is there.
Check UUIDs
And the last thing is the UUID of the partition that we set in GRUB – this is where I made a mistake, because I made blkid /dev/mapper/cryptroot, not the /dev/sda4 partition itself.
Check the ID of the partition with the type crypto_LUKS:
[root@archiso /]# blkid | grep LUKS /dev/sda4: UUID="738d2f9b-7ffa-4d4e-93be-e00af0a64d5b" TYPE="crypto_LUKS" PARTUUID="32835823-6901-4bbf-9520-1876e64ba109"
Edit /etc/default/grub, specify the correct UUID for the cryptdevice, run grub-mkconfig -o /boot/grub/grub.cfg – done:
After the system booted, start idw:
# systemctl start iwd # systemctl enable iwd
Run and enable dhcpcd:
# systemctl start dhcpcd # systemctl enable dhcpcd
And connect to Wi-Fi with iwctl:
Done.
