2013-12-26

Context

I'll be using a Macbook Pro 11,2 as a development machine at
work. I have the freedom to set it up as I wish to, so I'll be setting
up a fresh installation of Arch with KDE on it. I have been using a Macbook Pro
8,2 running Kubuntu until now.

Since this is my first attempt at Arch, I'm hoping this works. Here's a
list of things I'm most worried about based on my prior experiences of
running OpenSuse, Kubuntu and Gentoo:

Getting the SSD to perform well

No ethernet port!

No idea if WiFi will work

Disk encryption. I need full disk encryption. Dm-crypt with LUKS looks (no pun intended) fitting.

Partitions.

iSight Camera

Initially, I had planned on removing Mac OS X, but I need to get
some benchmarks in Mac OS X, so I'll be dual booting.

Specs:
8 GB DDR3 RAM
256 GB SSD
Intel Core i7 @ 2.3 GHz
Intel Iris Pro 1024 MB (It's a Retina MBP)

Guides

Installation:
https://wiki.archlinux.org/index.php/Beginners'_Guide

For encryption: followed
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_Entire_System#LUKS_on_LVM

The Disk

Planned partition scheme:

35GB Macintosh HD (To be erased later)

2 MB for GRUB (not sure if I need this, but the encryption instructions say so. I'll find out soon anyway)

200 MB /boot :: The Encryption wiki has formatted this as ext2. But if you're planning to have this as an EFI boot partition like me, format this as 'EFI Partition' and later use mkfs.fat -F32 /dev/sdxY

Rest as an LVM (type 8E00) which will be encrypted and will contain:
* 20 GB / (root)
* Remaining for /home
* This time I won't go for a swap partition. I'll set up a swap file since I have an SSD

I thought I'll use Disk Utility in Mac OS X to
partition. Unfortunately, it doesn't let me create partitions smaller
than 1.07 GB. I add a new partition, format it as FAT and reduce
Macintosh HD to 35GB. Reboot. Had I decided to not keep Mac OS X I
would've skipped this and removed the partition as well later.

Boot from the USB Disk with Arch. [I'm using
archlinux-2013.12.01-dual.iso]
I needed to add 'nomodeset' to the boot params or the display would
be garbled. Now it's legible but tiny. I can work with that.

Following the standard installation guide, used cgdisk to implement the
scheme till LVM. Use the encryption instructions below to set up the LVM.

For SSD performance, I check that all the partitions are aligned. Not sure
how this would work for LVM though.

Verified alignment of the disks:

# blockdev --getalignoff /dev/<partition>

0

Initialized the partition and created the Volume Group with Logical
Volumes as mentioned.

TODO: Add a new key in cryptsetup

Tip: use 'lsblk' if you need to refer to the partition scheme again

Tip: "lvcreate -l 100%FREE -n homevol MyStorage" will fill all
free space in the vg

Here's where I land into the first issue of the night. A long list of
messages resembling this on running mkfs.ext4 for both volumes:

[33802.071073] ata1.00: failed command: WRITE FPDMA QUEUED

[33802.071080] ata1.00: cmd 61/08:10:90:48:8d/00:00:03:00:00/40 tag 2 ncq 4096 out

[33802.071082] res 40/00:14:48:95:41/00:00:03:00:00/40 Emask 0x4 (timeout)

I have no idea why this happened. The Internet brings up SSD freezing, an
old (but fixed?) ext4 bug and SSD failure. I try mkfs again and it
works. Moving on.

TODO: TRIM support for the SSD

Base System Installation

When I resume the standard installation procedure after mounting the
unencrypted 'boot' into the encrypted mount point, I reach the second
and most annoying problem: No ethernet. 'pacstrap' needs an internet
connection. I could either get the WiFi to work or find out how to
perform an offline installation.

Revision 43a0 of the Broadcom card is unsupported by the driver
that ships with Arch. To make matters worse, these new fancy macbooks
don't have an ethernet port. After spending a lot of time trying to
find which drivers work and how to get them, it dawned upon me that I
have been using a device that could do the job all this while. My
Android phone.

I hooked up my Nexus 4 to the machine (which was, in turn, connected
to my home WiFi) and voila! I have internet connectivity.

I get a lot of the same WRITE FPDMA QUEUED errors. I run pacstrap
thrice just to be sure everything worked.

fstab

It's time to adjust the fstab. I change relatime to noatime (Do not
update inode access times) and add 'discard', which enables TRIM
support for SSD performance. genfstab also added 'data=ordered' to the
fstab. I'm not sure why it did that and whether I should let it be or
not.

Continued with Installation.

Bootloader

This is the part where I spent a bit too much time. I'm using
gummiboot as my EFI bootloader. This will be installed in the 200MB
FAT32 partition I prepared.

To boot, this is what I added in my arch.cfg loader:

title Arch Linux (Encrypted)

linux \\vmlinuz-linux

options initrd=\\initramfs-linux.img cryptdevice=UUID=<UUID of lvm disk. eg. /dev/sda6>:<UUID of encrypted device. eg. /dev/mapper/lvm> root=UUID=<UUID of encrypted root partition> rw

Reboot into an encrypted Arch base system!
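A check that ties the fstab and bootloader steps together, as an added example that is not part of the original post: it parses a loader entry and an fstab and reports whether the 'discard' mount option can reach the SSD through dm-crypt. It assumes the Arch 'encrypt' hook syntax cryptdevice=<device>:<dmname>[:<options>] and treats fstab sources under /dev/mapper/ as the encrypted volumes; the sample UUID and the 'rootvol' name are made up.

```python
import re

UUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def kernel_params(entry_text):
    """Kernel parameters from the 'options' line of a gummiboot loader entry."""
    params = {}
    for line in entry_text.splitlines():
        key, _, rest = line.strip().partition(" ")
        if key == "options":
            for token in rest.split():
                name, _, value = token.partition("=")  # value keeps later '=' signs
                params[name] = value
    return params

def discard_mounts(fstab_text):
    """Mount points on /dev/mapper/* sources whose options include 'discard'."""
    found = []
    for line in fstab_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 4 and f[0].startswith("/dev/mapper/") and "discard" in f[3].split(","):
            found.append(f[1])
    return found

def audit(entry_text, fstab_text):
    """Return (code, message) findings for the entry and fstab taken together."""
    params = kernel_params(entry_text)
    if "cryptdevice" not in params:
        return [("no-cryptdevice", "no cryptdevice= parameter on the options line")]
    # Assumed encrypt hook syntax: <device>:<dmname>[:<comma-separated options>]
    device, _, rest = params["cryptdevice"].partition(":")
    dmname, _, optstr = rest.partition(":")
    opts = [o for o in optstr.split(",") if o]
    findings = []
    if device.startswith("UUID=") and not UUID_RE.match(device[5:]):
        findings.append(("bad-uuid", "cryptdevice UUID is malformed or a placeholder"))
    if not dmname or "/" in dmname or UUID_RE.match(dmname):
        findings.append(("bad-dmname", "second field must be a bare mapper name, e.g. 'lvm'"))
    mounts = discard_mounts(fstab_text)
    if mounts and "allow-discards" not in opts:
        findings.append(("trim-blocked", "discard on %s never reaches the SSD: "
                         "dm-crypt drops TRIM without allow-discards" % ", ".join(mounts)))
    if "allow-discards" in opts:
        findings.append(("trim-leak", "allow-discards exposes which blocks are free"))
    return findings

# Constructed samples: the UUID and 'rootvol' are made up for illustration.
SAMPLE_ENTRY = "title Arch Linux (Encrypted)\noptions cryptdevice=UUID=0a1b2c3d-1111-2222-3333-444455556666:lvm root=/dev/mapper/MyStorage-rootvol rw\n"
SAMPLE_FSTAB = "/dev/mapper/MyStorage-rootvol / ext4 rw,noatime,discard 0 1\n/dev/sda5 /boot vfat rw,noatime 0 2\n"
```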
