sudo wipefs -a /dev/sdX
sudo sgdisk -Z /dev/sdX
sudo sgdisk /dev/sdX \
-n1:0:+512M -t1:ef00 \
-n2:0:-32G -t2:8300 \ # 32GB swap
-n3:0:0 -t3:8200
sudo mkfs.fat -F32 /dev/nvme
sudo mkfs.btrfs /dev/nvme
sudo mkswap /dev/nvme
sudo genfstab -U /mnt | sudo tee /mnt/etc/fstab
sudo arch-chroot /mnt
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg
sudo umount -R /mnt 2>/dev/null || true
cryptsetup luksFormat /dev/nvme0n1p2
mkfs.btrfs /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt
pacstrap -K /mnt base linux linux-firmware btrfs-progs grub efibootmgr cryptsetup
genfstab -U /mnt >> /mnt/etc/fstab
nvim /etc/mkinitcpio.conf
> HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)
mkinitcpio -P
nvim /etc/default/grub
GRUB_CMDLINE_LINUX="rd.luks.name=<UUID>=cryptroot root=/dev/mapper/cryptroot"
openssl rand -base64 32
sudo cryptsetup luksAddKey /dev/nvme0n1p2
sudo systemd-cryptenroll /dev/nvme0n1p2 --tpm2-device=auto
nvim /etc/crypttab
cryptroot UUID=********2294u239 none tpm2-device=auto
sudo cryptsetup luksHeaderBackup /dev/nvme0n1p2 --header-backup-file luks-header-backup.img
useradd -m -G wheel -s /bin/bash tribhuwan
Created
December 7, 2025 03:53
-
-
Save tribhuwan-kumar/2c89a7ee5e926361a2159ab065aae44a to your computer and use it in GitHub Desktop.
install arch linux with luks encryption
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment