Arch Linux: install in 2025 – partitions, encryption, and manual system installation

By | 07/05/2025
 

Every time I start installing Arch Linux, it’s like a new journey: it seems like nothing much has changed over the years, but every time something new happens.

I’ve written about this a lot, and it’s time to write about it again because I bought a new laptop.

At first, I was too lazy to do everything by hand, so I decided to try ready-made images. I even tried Fedora, because it’s easy to install and everything is included, but no, not for me, because I really missed the Pacman/AUR repositories, and I was constantly messing with upgrades by getting messages that “your system is no longer supported, upgrade to 42”.

So I decided to return to Arch Linux, which I have been using since 2016.

The first thing I tried was EndeavourOS – it’s very good, actually. I installed it with KDE, and everything “just works” – without any additional movements. It comes with all the batteries included, and a customized environment to choose from – KDE/Gnome/LXDE/etc.

But then I kind of missed the Openbox WM and its minimalism, so decided to switch back to it.

Similarly, at first, I decided not to waste time and just look for ready-made solutions. And there are, for example, the Archcraft. Everything is also prepared, the guy has done everything very nicely – the GRUB screen, and all kinds of Openbox/Fluxbox/Hyprland tuning – a lot of things, for any taste.

I set it up, played with it, but still wanted to have something “my own”, because I want to know my system – where, what, how, and why it was made. So I took a clean Arch Linux ISO, created a bootable USB drive, and installed everything from scratch.

So today, we will go through the process of partitioning the disk and installing a clean system since. The laptop is planned for work. Thus, I will do it with the LUKS encryption for disks.

Starting the installation, WiFi

Create a flash drive with the Arch Linux ISO, reboot the machine from it, and set up WiFi. I do this more for myself, because then it’s easier to connect from another computer via SSH, and do everything in a full-fledged environment where I copy commands/results to the RTFM blog, to this post.

We already have iwctl in the image, let’s run it:

# iwctl

Find the available networks:

[iwd]# station wlan0 get-networks

Connect (iwctl supports TAB substitution, so you don’t have to type everything by hand):

[iwd]# station wlan0 connect setevoy-tplink-5 
Passphrase:*******

Check the status – the State should be Connected:

[iwd]# station wlan0 show

We exit by Ctrl+D, and can ping some Google to check.

Find the IP:

# ip a s wlan0

Set the root password :

# passwd root

And connect to this machine from another computer:

$ ssh [email protected]

archinstall vs manual installation

Once upon a time, Arch Linux added the archinstall script to simplify the process. But I haven’t made friends with it – the disk partitioning is not very convenient, nor is the installation of packages.

So we’ll do it the old school way, manually.

By the way, I don’t remember if archinstall supports encryption.

Preparation: disks

Choosing a layout – LVM, partitions

I used to work with LVM + LUKS, and in LVM there are separate groups for / and /home.

Having separate partitions seems to be more convenient, because you have better control over the free space, and you can reinstall the system without losing data in the home directories, plus all kinds of user settings. And if you also have LVM, you can easily resize partitions and make snapshots for backups.

But for the years I’ve had this scheme on my work laptop (~5 years now), I’ve never used these features.

So this time I decided to do both / and /home on one large partition, and without LVM – a little easier setup, easier debugging in case of problems when you need to boot from a flash drive and rebuild the kernel.

So, we’ll do it without LVM, but with LUKS, and the system and $HOME on the same partition.

Disk partitioning with fdisk

Again, it’s a matter of habit, but I’ve been using fdisk for a long time, so we’ll go with it.

Let’s check the devices:

[root@archiso ~]# fdisk -l
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors
Disk model: Samsung SSD 850 
...
Disklabel type: gpt
...

Device         Start       End   Sectors   Size Type
/dev/sda1       4096   4198399   4194304     2G EFI System
/dev/sda2    4198400 416672903 412474504 196.7G Linux filesystem
/dev/sda3  416672904 488397101  71724198  34.2G Linux swap

Disk /dev/sdb: 28.91 GiB, 31037849600 bytes, 60620800 sectors
Disk model: DataTraveler 2.0
...

Device     Boot   Start     End Sectors  Size Id Type
/dev/sdb1  *         64 2074623 2074560 1013M  0 Empty
/dev/sdb2       2074624 2428927  354304  173M ef EFI (FAT-12/16/32)
...

Here:

  • /dev/sdb: USB with Arch Linux ISO, 30 gigabytes
  • /dev/sda: the main disk, the laptop’s SSD, 250 gigabytes

The SSD now has partitions and data from EndeavourOS, so let’s delete everything and start from scratch.

Start fdisk on sda:

root@archiso ~ # fdisk /dev/sda 
...
Command (m for help):

Let’s double-check that this is the right disk – “Samsung SSD, 250 gig“:

...
Command (m for help): p
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors
Disk model: Samsung SSD 850 
...

Important: next, we are going to delete ALL data from the disk! Make sure you made a backup.

Delete all partitions:

Command (m for help): d
Partition number (1-3, default 3): 

Partition 3 has been deleted.

Command (m for help): d
Partition number (1,2, default 2): 

Partition 2 has been deleted.

Command (m for help): d
Selected partition 1
Partition 1 has been deleted

Save the changes:

Command (m for help): w The partition table has been altered.
Calling ioctl() to re-read partition table.
Synchronizing disks.

Run fdisk one more time:

root@archiso ~ # fdisk /dev/sda

Let’s check what’s on the disk now – nothing:

Command (m for help): p
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors 
Disk model: Samsung SSD 850
...
Disklabel type: gpt
Disk identifier: 51B93327-8CC4-4D94-9243-67A797A845B2

Let’s start creating new partitions.

We need four of them:

  • for EFI
  • a separate partition for /boot – because you need to load initramfs to the RAM from somewhere before you can decrypt the disk
  • for Swap
  • and a partition for the system itself and /home

The order of creation is not that important, because modern systems and kernels will find everything themselves, but it is better to stick to the standard approach:

  • EFI first, because that’s where our bootloader is located (the efi-file will be searched there)
  • then /boot – there is a kernel for booting and the rest of the GRUB files
  • then Swap – because “historically” since the days of mechanical HDDs, where the first partitions (closer to the edge of the disk) were read faster
  • and then the main partition under / and /home

Create the first partition, for EFI, 512 megabytes:

Command (m for help): n
Partition number (1-128, default 1): 
First sector (2048-2000409230, default 2048): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-2000409230, default 2000408575): +512M

Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.
Partition #1 contains a vfat signature.

Do you want to remove the signature? [Y]es/[N]o: Y

The signature will be removed by a write command.

Now you need to specify the type of partition, EFI – t (type):

Command (m for help): t

Find all with the L:

Partition type or alias (type L to list all): L
  1 EFI System                     C12A7328-F81F-11D2-BA4B-00A0C93EC93B
  2 MBR partition scheme           024DEE41-33E7-11D3-9D69-0008C781F39F
...

Set the value to “1”:

Partition type or alias (type L to list all): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.

Create a second partition, for the /boot where initramfs and the system kernel will be located.

512 megabytes should be enough for everything – vmlinuz-linux is about 10 megabytes, initramfs-linux.img is another 20-30, and a fallback image is a bit larger.

For example, my another laptop with Arch Linux:

$ ls -lh /boot/
total 67M
drwxr-xr-x 3 root root 4.0K Jan  1  1970 EFI
drwxr-xr-x 6 root root 4.0K Dec  7  2020 grub
-rw------- 1 root root  39M May  2 16:44 initramfs-linux-fallback.img
-rw------- 1 root root  14M May  2 16:44 initramfs-linux.img
drwx------ 2 root root  16K Dec  7  2020 lost+found
-rw-r--r-- 1 root root  15M May  2 16:44 vmlinuz-linux

So, add a new partition:

...

Command (m for help): n
Partition number (2-128, default 2): 
First sector (1050624-488397134, default 1050624): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (1050624-488397134, default 488396799): +512M

Created a new partition 2 of type 'Linux filesystem' and of size 512 MiB.
...

Next, we need to add a Swap partition.

Previously, we used to do x2 of the available RAM. Now, if hibernate is going to be used, we make the size of the RAM + a couple of gigabytes in reserve.

This laptop has 32 gigabytes, so let’s make it 34 for the Swap:

...
Command (m for help): n
Partition number (3-128, default 3): 
First sector (2099200-488397134, default 2099200): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2099200-488397134, default 488396799): +34G

Created a new partition 3 of type 'Linux filesystem' and of size 34 GiB.
...

Find the type of Linux swap – again with L:

...
Partition number (1-3, default 3): L ...
 19 Linux swap 
...

Set the type with the t:

...
Partition number (1-3, default 3): 
Partition type or alias (type L to list all): 19

Changed type of partition 'Linux filesystem' to 'Linux swap'.
...

And the last one is the partition for the system itself, all the remaining space (just press Enter):

...
Command (m for help): n
Partition number (4-128, default 4): 
First sector (73402368-488397134, default 73402368): 
Last sector, +/-sectors or +/-size{K,M,G,T,P} (73402368-488397134, default 488396799): 

Created a new partition 4 of type 'Linux filesystem' and of size 197.9 GiB.
...

Let’s check what we did with p:

...
Command (m for help): p
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors
Disk model: Samsung SSD 850 
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: BE8FEE73-C9BB-4959-A258-12A3FCF906FF

Device        Start       End   Sectors   Size Type
/dev/sda1      2048   1050623   1048576   512M EFI System
/dev/sda2   1050624   2099199   1048576   512M Linux filesystem
/dev/sda3   2099200  73402367  71303168    34G Linux swap
/dev/sda4  73402368 488396799 414994432 197.9G Linux filesystem
...

Write the changes:

...
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks

Encryption with LUKS

Let’s see what we have with the partitions now:

[root@archiso ~]# lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0    7:0    0 846.7M  1 loop /run/archiso/airootfs
sda      8:0    0 232.9G  0 disk 
├─sda1   8:1    0   512M  0 part 
├─sda2   8:2    0   512M  0 part 
├─sda3   8:3    0    34G  0 part 
└─sda4   8:4    0 197.9G  0 part 
sdb      8:16   1  28.9G  0 disk 
├─sdb1   8:17   1  1013M  0 part 
└─sdb2   8:18   1   173M  0 part 
sdc      8:32   1     0B  0 disk

4 new partitions on /dev/sda, of which /dev/sda4 is a root partition for the system, and we will encrypt it.

We use the latest standard, luks2, and add the '-y‘ to prompt for password confirmation:

[root@archiso ~]# cryptsetup -y luksFormat --type luks2 /dev/sda4

WARNING!
========
This will overwrite data on /dev/sda4 irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/sda4: 
Verify passphrase:

That’s it – the data is already encrypted.

Now, to install the system, we need to decrypt the disk with the same cryptsetup command:

[root@archiso ~]# cryptsetup open /dev/sda4 cryptroot
Enter passphrase for /dev/sda4:

Now there should be a new partition in /dev/mapper that cryptsetup creates when it decrypts the disk, and it’s actually just a symlink to the physical partition:

[root@archiso ~]# ls -l /dev/mapper/cryptroot 
lrwxrwxrwx 1 root root 7 May 26 12:06 /dev/mapper/cryptroot -> ../dm-0

Creating file systems

What kind of file systems do we need:

  • EFI: Fat32
  • / and /boot: ext4 (old and proven, never used any btrfs, although it might be worth a try)
  • Swap: leave it as it is, but run mkswap (set the header LINUX_SWAP), and later do swapon

Create a file system on the main partition, /dev/sda4 (or /dev/mapper/cryptroot):

[root@archiso ~]# mkfs.ext4 /dev/mapper/cryptroot
mke2fs 1.47.2 (1-Jan-2025)
Creating filesystem with 51870208 4k blocks and 12967936 inodes
Filesystem UUID: 6bbbd1c2-7396-4d23-91eb-4188079e6df8
Superblock backups stored on blocks: 
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
        4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done

Similarly for the /boot, but here through /dev/sda2:

root@archiso ~ # mkfs.ext4 /dev/nvme0n1p2

Now Fat32 for the EFI, /dev/sda1:

[root@archiso ~]# mkfs.fat -F32 /dev/sda1 
mkfs.fat 4.2 (2021-01-31)

And Swap:

[root@archiso ~]# mkswap /dev/sda3
Setting up swapspace version 1, size = 34 GiB (36507217920 bytes)
no label, UUID=9132a23f-bb87-43d1-9ac5-33b75bf17f35

Check:

[root@archiso ~]# fdisk -l /dev/sda
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors
Disk model: Samsung SSD 850 
...

Device        Start       End   Sectors   Size Type
/dev/sda1      2048   1050623   1048576   512M EFI System
/dev/sda2   1050624   2099199   1048576   512M Linux filesystem
/dev/sda3   2099200  73402367  71303168    34G Linux swap
/dev/sda4  73402368 488396799 414994432 197.9G Linux filesystem

Okay, let’s move on.

Mounting partitions

Mount the partitions:

  • sda4, root partition: to /mnt
  • sda2, boot: to /mnt/boot
  • sda1, EFI: to /mnt/boot/efi
  • and run swapon on the /dev/sda3

Run:

[root@archiso ~]# mount /dev/mapper/cryptroot /mnt
[root@archiso ~]# mkdir /mnt/boot
[root@archiso ~]# mount /dev/sda2 /mnt/boot
[root@archiso ~]# mkdir /mnt/boot/efi 
[root@archiso ~]# mount /dev/sda1 /mnt/boot/efi
[root@archiso ~]# swapon /dev/sda3

Check swap:

[root@archiso ~]# swapon --show
NAME      TYPE      SIZE USED PRIO
/dev/sda3 partition  34G   0B   -2

And the rest of the partitions:

[root@archiso ~]# lsblk /dev/sda
NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda             8:0    0 232.9G  0 disk  
├─sda1          8:1    0   512M  0 part  /mnt/boot/efi
├─sda2          8:2    0   512M  0 part  /mnt/boot
├─sda3          8:3    0    34G  0 part  [SWAP]
└─sda4          8:4    0 197.9G  0 part  
  └─cryptroot 253:0    0 197.9G  0 crypt /mnt

Installing the system

Install the necessary packages from pacstrap.

It’s better to add everything for Wi-Fi now, including dhcpd, so that you don’t have issues with the connection, and may install openssh any other necessary software:

[root@archiso ~]# lsblk /dev/sda
NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda             8:0    0 232.9G  0 disk  
├─sda1          8:1    0   512M  0 part  /mnt/boot/efi
├─sda2          8:2    0   512M  0 part  /mnt/boot
├─sda3          8:3    0    34G  0 part  [SWAP]
└─sda4          8:4    0 197.9G  0 part  
  └─cryptroot 253:0    0 197.9G  0 crypt /mnt

Iris Xe Graphics

My new laptop (Lenovo ThinkPad T14 Gen 5) has an Iris Xe Graphics card, and it took some dancing, because the first attempts to launch Archcraft resulted in a black screen.

The solution was to add the nomodeset to the kernel load.

Install additional packages:

root@archiso ~ # pacstrap -K /mnt mesa vulkan-intel intel-media-driver libva libva-utils

Switch to the new system with arch-chroot, and if exist, remove the xf86-video-intel:

[root@archiso /]# pacman -Rns xf86-video-intel
error: target not found: xf86-video-intel

Exit the chroot environment and move on.

Creating the fstab

Generate /etc/fstab with partitions:

[root@archiso ~]# genfstab -U /mnt >> /mnt/etc/fstab

Check:

[root@archiso ~]# cat /mnt/etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/cryptroot
UUID=6bbbd1c2-7396-4d23-91eb-4188079e6df8       /               ext4            rw,relatime     0 1

# /dev/sda2
UUID=93dade4c-1579-4256-8491-4e560fc563c4       /boot           ext4            rw,relatime     0 2

# /dev/sda1
UUID=BBE3-903E          /boot/efi       vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2

# /dev/sda3
UUID=9132a23f-bb87-43d1-9ac5-33b75bf17f35       none            swap            defaults        0 0

Everything looks like it’s OK.

Building the kernel with the mkinitcpio

Since we are using LUKS, we need to add an action (actually, the “hook”) encrypt so that the kernel decrypts the partition at the system startup.

The keyboard and keymap should already be there, but it’s better to check – they are used to enter the password for decryption.

Edit the file /mnt/etc/mkinitcpio.conf (/mnt! – or do chroot), find the line with HOOKS:

...
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems fsck)
...

Add encrypt after block and before filesystems – the order is important:

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt resume filesystems fsck)

(if we use hibernation, we add resume before filesystem )

Why the order is important:

  • block – finds disks
  • encrypt – decrypts a partition
  • filesystems – mounts partitions

If there is no encrypt hook, initramfs will not ask for a password and will not be able to mount the partition.

Note: by the way, here’s an important nuance: if we don’t encrypt Swap, and a laptop that was in hibernation is stolen, they can get all the information that was in the memory.
Therefore, if you do everything securely, then Swap should also be encrypted. Or use a swapfile on a root partition that is encrypted.

Run arch-chroot:

[root@archiso ~]# arch-chroot /mnt/

Build the kernel:

[root@archiso /]# mkinitcpio -P
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
==> Using default configuration file: '/etc/mkinitcpio.conf'
  -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux.img
...
  -> Running build hook: [encrypt]
  -> Running build hook: [resume]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux-fallback.img'
  -> Early uncompressed CPIO image generation successful
==> Initcpio image generation successful

GRUB

Since we have an encrypted partition, we need to specify it in GRUB so that it tells the kernel to perform decryption.

This can be done with the modern /etc/crypttab, or “the old school way” – with the GRUB_CMDLINE_LINUX.

I didn’t use crypttab, and I don’t have any additional partitions, so GRUB_CMDLINE_LINUX will be enough.

Add three more packages – the grub itself, efibootmgr (although we already installed it), and intel-ucode to have the latest updates for the CPU (this is, of course, if you have an Intel CPU, not an AMD one).

You can check it like this:

[root@archiso /]# lscpu | grep 'Vendor'
Vendor ID:                            GenuineInte

If you have AMD, then use the amd-ucode package.

Install it:

[root@archiso /]# pacman -S grub efibootmgr intel-ucode

Install GRUB itself to the EFI partition /boot/efi:

[root@archiso /]# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB
Installing for x86_64-efi platform.
Installation finished. No error reported

Adding a cryptdevice

Find the UUID of the encrypted partition:

[root@archiso /]# blkid | grep LUKS
/dev/sda4: UUID="738d2f9b-7ffa-4d4e-93be-e00af0a64d5b" TYPE="crypto_LUKS" PARTUUID="32835823-6901-4bbf-9520-1876e64ba109"

(I made a mistake here – took the wrong UUID, and the system did not boot, see at the end)

Edit the /etc/default/grub, find the line GRUB_CMDLINE_LINUX="", and add the cryptdevice parameter:

...
GRUB_CMDLINE_LINUX="cryptdevice=UUID=738d2f9b-7ffa-4d4e-93be-e00af0a64d5b:cryptroot root=/dev/mapper/cryptroot" 
...

Adding a resume

If we plan to use hibernate, the kernel needs to be told which partition to read data from.

Find the UUID of the Swap partition:

[root@archiso /]# blkid | grep swap
/dev/sda3: UUID="9132a23f-bb87-43d1-9ac5-33b75bf17f35" TYPE="swap" PARTUUID="d7d38c7c-b8c6-49d5-81c3-0ef34cbd7d52"

Add resume=UUID=9132a23f-bb87-43d1-9ac5-33b75bf17f35 to the GRUB_CMDLINE_LINUX:

Generate the config for GRUB:

[root@archiso /]# grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-linux
Found initrd image: /boot/intel-ucode.img /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot:  intel-ucode.img initramfs-linux-fallback.img
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done

All done.

Root password

Let’s set the root password to log in to the new system:

[root@archiso /]# passwd root
New password: 
Retype new password: 
passwd: password updated successfully

Exit chroot and reboot:

[root@archiso /]# 
exit
root@archiso ~ # reboot

That’s it.

Problems: “Failed to mount <device> on real root”

It didn’t work on the first try 🙂

Although before that, I setup on a new laptop and everything went fine.

Now I have an error:

ERROR: device '/dev/mapper/cryptroot' not found 
...
Failed to mount '/dev/mapper/cryptroot' on real root

Well, let’s look into it.

initramfs couldn’t decrypt the disk, so cryptroot didn’t start, and the kernel didn’t know where to look for the root file system.

Boot from the flash drive, mount the disks:

[root@archiso ~]# cryptsetup open /dev/sda4 cryptroot
Enter passphrase for /dev/sda4: 
[root@archiso ~]# mount /dev/mapper/cryptroot /mnt
[root@archiso ~]# mount /dev/sda2 /mnt/boot
[root@archiso ~]# mount /dev/sda1 /mnt/boot/efi
[root@archiso ~]# swapon /dev/sda3

Enter chroot:

[root@archiso ~]# arch-chroot /mnt/ 
[root@archiso /]#

Check HOOKS

Check the configuration for the kernel:

[root@archiso /]# cat /etc/mkinitcpio.conf | grep HOOKS | tail -1
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt resume filesystems fsck)

Everything seems to be correct.

Just in case – you can build the kernel again with mkinitcpio -P.

Check kernel modules

With lsinitcpio, let’s check that the kernel has the cryptsetup and crypttab modules:

[root@archiso /]# lsinitcpio /boot/initramfs-linux.img | grep 'cryptsetup\|crypttab'
usr/bin/cryptsetup
usr/lib/libcryptsetup.so.12
usr/lib/libcryptsetup.so.12.10.0

Everything is there.

Check UUIDs

And the last thing is the UUID of the partition that we set in GRUB – this is where I made a mistake, because I made blkid /dev/mapper/cryptroot, not the /dev/sda4 partition itself.

Check the ID of the partition with the type crypto_LUKS:

[root@archiso /]# blkid | grep LUKS
/dev/sda4: UUID="738d2f9b-7ffa-4d4e-93be-e00af0a64d5b" TYPE="crypto_LUKS" PARTUUID="32835823-6901-4bbf-9520-1876e64ba109"

Edit /etc/default/grub, specify the correct UUID for the cryptdevice, run grub-mkconfig -o /boot/grub/grub.cfg – done:

After the system booted, start idw:

# systemctl start iwd
# systemctl enable iwd

Run and enable dhcpcd:

# systemctl start dhcpcd
# systemctl enable dhcpcd

And connect to Wi-Fi with iwctl:


Done.