Did you know that you can navigate the posts by swiping left and right?

Part 1: Install Arch Linux on a Retina MacBook Pro

08 Jan 2016 . linux . Comments

Purpose of this post

This post is more of a technical guide/build log for myself as getting arch installed took alot of time and research, so this is post of all the steps I found to make Arch work.

This post is specific to my setup, so some steps are based on a personal preference.

Also, i’d like to think this will be useful for anyone else wanting to do the same thing.

Im going to cover the following installation/setup steps in a three part series

  • Partitioning
  • Full Disk Encryption and filesystem
  • BTRFS
  • Installation and post install tasks
  • WiFi setup
  • Xorg
  • Graphical desktop
  • Personalisation
  • Software
  • Docker

My Particular Installation

I have opted to install Arch Linux as a single operating system, therefore losing OS X, the great thing about Apple, is they’re recovery software is in the cloud and can be restored from the EFI firmware (using command+R on boot). This means if I never need OS X again I could reinstall.

I want to use EFI boot with a LUKS dm-crypt partition to ensure my data is encrypted. I picked btrfs as my filesystem over ext4 as I believe this has some great advantages, like COW, compression, snapshotting, subvolumes and is optimised for SSD’s with a single mount option. Finally for GUI, I am using SDDM as my graphical manager with KDE plasma 5 and i3-wm as the Desktop Environment and window manager.

WARNING: Dont Just Copy and paste commands on here – You could lose data!

Why Arch Linux

Have a read of my “Why I choose Arch Linux” post here.

My MacBook

Firstly, I love the apple hardware, they build great looking machines. I have been using the MacBook Pro line since they were introduced with Intel Hardware. The latest retina modules with thin uni-bodies are very good looking machine, my only issue is that apple dropped the ethernet port, I guess this is to make the body thin, but the ethernet port is important for me.

The Specifications are:

  • Apple Macbook Pro Retina 13" early 2014 (MacBookPro10,1)
  • Intel Core i5-3230M @ 2.60GHz
  • 8 GB Ram
  • Intel Iris GPU
  • Facetime HD Camera (USB)
  • 13.3" Retina Display, max resolution 2560×1600

lspci:


00:00.0 Host bridge: Intel Corporation 3rd Gen Core processor DRAM Controller (rev 09)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor PCI Express Root Port (rev 09)
00:01.1 PCI bridge: Intel Corporation Xeon E3-1200 v2/3rd Gen Core processor PCI Express Root Port (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 3rd Gen Core processor Graphics Controller (rev 09)
00:14.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB xHCI Host Controller (rev 04)
00:16.0 Communication controller: Intel Corporation 7 Series/C210 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB Enhanced Host Controller #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 7 Series/C210 Series Chipset Family High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 1 (rev c4)
00:1c.1 PCI bridge: Intel Corporation 7 Series/C210 Series Chipset Family PCI Express Root Port 2 (rev c4)
00:1d.0 USB controller: Intel Corporation 7 Series/C210 Series Chipset Family USB Enhanced Host Controller #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation QS77 Express Chipset LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 7 Series Chipset Family 6-port SATA Controller [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 7 Series/C210 Series Chipset Family SMBus Controller (rev 04)
02:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM57786 Gigabit Ethernet PCIe (rev 21)
02:00.1 SD Host controller: Broadcom Corporation BCM57765/57785 SDXC/MMC Card Reader (rev 21)
03:00.0 Network controller: Broadcom Corporation BCM4331 802.11a/b/g/n (rev 02)
04:00.0 PCI bridge: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)
05:00.0 PCI bridge: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)
05:03.0 PCI bridge: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)
05:04.0 PCI bridge: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)
05:05.0 PCI bridge: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)
05:06.0 PCI bridge: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)
06:00.0 System peripheral: Intel Corporation DSL3510 Thunderbolt Port [Cactus Ridge] (rev 03)

lsusb:


Bus 004 Device 004: ID 0a5c:4500 Broadcom Corp. BCM2046B1 USB 2.0 Hub (part of BCM2046 Bluetooth)
Bus 004 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 003: ID 05ac:8510 Apple, Inc. FaceTime HD Camera (Built-in)
Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub

Base Install

I didnt opt to keep OS X installed, so if you need to dual boot, google the steps on partitioning

Create Arch Linux USB

Prepare A USB key, you’ll need at least 2GB to be safe, run the following commands in either OS X or Linux:


wget http://ftp.iinet.net.au/pub/archlinux/iso/2016.01.01/archlinux-2016.01.01-dual.iso
dd if=archlinux-2015.01.01-dual.iso of=/dev/xx bs=4M

Next, boot the USB by holding down the right alt key on boot. If you have a USB or thunderbolt ethernet adaptor, make sure its connected before you boot the installer.

NOTE: The Broadcom WiFi Drivers are not installed to the installation USB, so you will need wired, Alternatively you can pre-compile the drivers as part of the installation, but I wont cover that.

Once the Arch Linux installer has booted, you’ll be presented with a zsh shell.
Incase the font is too small, you can increase it:


setfont sun12x22

Disk Partitioning

We will only create one partition for dm-crypt and btrfs (however I will have space unallocated incase I need a swap partition later).

Because we are using EFI boot, we dont need to create a /boot instead, instead we will use the exsisting EFI boot partition already on the disk (this should be /dev/sda1).

Running lsblk reports the following:


NAME          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda             8:0    0 233.8G  0 disk
├─sda1          8:1    0   200M  0 part
└─sda2          8:2    0 233.6G  0 part

For partitioning, im going to use cgdisk, this can be run by issing:


cgdisk /dev/sda

Here, i’ll just delete the Macintosh HD and Recovery HD partitions and create a new partition with the type code 8300 and use 100% of the free space.

In the end I’ll end up with following partition table:


Part. #    Size        Partition Type      Partition Name
-------------------------------------------------------
          3.0 KiB      free space
1         200.0 MiB    EFI System           EFI System Partition
2         233.6 GiB    Linux filesystem     Arch Linux

DM-Crypt

We are going to encrypt the entire /dev/sda2 and install our filesystem underneath. DM-Crypt is the standard Full disk encryption library and supports a large number of ciphers and key-sizes.
The Arch Linux wiki has some great guidelines about setting up DM-Crypt in Arch.

The cipher and key-size I have picked is more for read and write speed instead of picking a stronger cipher which will provide better protection against supercomputer brute forcing, as im more worried about my passwords/keys if I loose my computer.

To setup DM-Crypt on /dev/sda2, we will run:


cryptsetup -v --cipher aes-xts-plain64 --key-size 512 -y luksFormat /dev/sda2

Note: Common Password complexity guidelines apply here, remember if the password is simple, or guessable, it renders encryption useless, best to use a unique string passphrase.

Now, we can unencrypt the LUKS parition and mount it ready to setup btrfs:


cryptsetup luksOpen /dev/sda1 archcrypt

BTRFS

Most guides I followed, used the common LVM or LVM over LUKS setup, however i’m going for something a little different, instead of setting up LVM and then BTRFS, I will setup BTRFS straight onto LUKS.

WARNING: BTRFS is no yet considered stable and while no new features or changes will be made from this point on, If your data is important, I would not recommend continuing, This is also NOT Recommended for production environments

Its worth noting, I have yet to experience any issues or data loss.

The btrfs project page has more information about BTRFS and its development.

We are going to setup BTRFS, create a ROOT subvolume, and then create some more subvolumes underneath the ROOT subvolume. Subvolumes appear as folders when you run an ls, they also let us to do snapshotting. Instead of snapshotting the entire disk, we can snapshot folders (subvolumes). Instead meaning better usage of disk space. We are also going to specify lzo as the compression, as the default compression. is more load intensive – and we want speed.


mkfs.btrfs -L "Arch Linux" /dev/mapper/archcrypt
mount /dev/mapper/archcrypt /mnt
cd /mnt
btrfs subvolume create ROOT
umount /mnt

# Here we specify the Subvolume to mount into, and set some SSD options
mount -o ssd,discard,compress=lzo,subvol=ROOT /dev/mapper/archcrypt /mnt
cd /mnt

# Now create standard linux folders in / (for snapshotting)
btrfs subvolume create home
btrfs subvolume create root
btrfs subvolume create etc
btrfs subvolume create proc
btrfs subvolume create var
btrfs subvolume create usr

Once done, we should have some directories in /mnt. While they appear to be directories, you cant delete them using the rm command. We can view what subvolumes we have using:


btrfs subvolume list /

Installing Base Operating System

Now are almost ready to install the Arch OS, we just need to mount /dev/sda1 as our boot device, so the installation can install the kernel etc:


mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

Lets install base and base-devel – We also need btrfs-progs so we can issue btrfs commands


pacstrap /mnt base base-devel btrfs-progs

This will take some time, depending on your internet connection as it downloads all the packages from the net to ensure you get the latest packages.

Post Installation

Now we have base install, we need to chroot into that and do some post installation tasks like, set the locale settings and finally, get our EFI boot loader installed and configured.

Whlist I could continue installing a GUI and applications, its best to do a few steps at a time, so we’ll do that later.

Lets generate an fstab file based on whats mounted, you should still have /dev/sd* mounted from above:


genfstab -L -p /mnt >> /mnt/etc/fstab

It should look simular to:


LABEL=Arch\040Linux  /	   btrfs  rw,relatime,compress=lzo,ssd,discard,space_cache,subvolid=257,subvol=ROOT	0 0
LABEL=EFI            /boot vfat   rw,relatime,remount-ro	0 2

Just make sure the subvol=ROOT is set, otherwise fstab will mount the wrong subvolume.

Now its time to setup our machine…

Start by chrooting into your installation:
arch-chroot /mnt

Now lets setup the Hostname timezone and language, As im in New Zealand I’ll set my Timezone and Locale as NZ standard (en_NZ.UTF-8).


echo myhostname > /etc/hostname
ln -sf /usr/share/zoneinfo/Pacific/Auckland /etc/localtime

vi /etc/locale.gen
locale-gen

echo LANG=en_NZ.UTF-8 > /etc/locale.conf

Bootloader and systemd-loader

Lets setup UEFI-systemd-boot, for this will need to write to /dev/sda1 which should be mounted to /boot.
If its not, go back and check your setup. The loader will contain only the arch-linux option. Which we will setup using a loader entry file.

Also, as part of this step will also create the initramfs img, The initramfs image is a small self contained linux image which is a supporting step to help us unlock the DM-crypt partition, setup mountpoints and set the BTRFS subvolume. Its also a useful debugging tool if your machine can’t boot. Once initramfs boots the kernel its no longer used.
Initamfs is generated by mkinitcpio which reads in a text config file. For the purpose of this guide, we are only modifying the hooks it loads (think if them like modules). Edit /etc/mkinitcpio.conf with the following hooks:


HOOKS="base udev autodetect modconf block keyboard btrfs encrypt filesystems"

Then generate the image with:


mkinitcpio -p linux

If you miss something, or spell a module wrong, we can re-generate it at anytime by calling the mkinitcpio command

On to the EFI loader, first create the required folders:


mkdir -p /boot/loader/entries

Second, create a default option bycreating /boot/loader/loader.conf with the content:


default arch
timeout 4

Next, create the arch loader entry (watch the spelling and options here)
create /boot/loader/entries/arch.conf:


title     Arch Linux
linux     /vmlinuz-linux
initrd    /initramfs-linux.img
options   cryptdevice=/dev/sda2:archcrypt:allow-discards root=/dev/mapper/archcrypt rootflags=subvol=ROOT rw

Options Details:

  • cryptdevice is the the device which we setup dm-crypt
  • :archcrypt: is the /dev/mapper name we want to mount the unecrypted disk too.
  • allow-discards will pass TRIM commands to the encrypted disk.
  • root is where the OS root folders are.
  • rootflags allow us to pick a BTRFS subvolume

Lets create our EFI boot loader and install it:


bootctl install

That SHOULD conclude our base installion, all going well, you shoule be able to remove the usb and reboot into your arch installation

tip:
If things fail or dont work, reboot into the USB installation, mount the partitions and chroot into them to troubleshoot or perform more actions.

Stay tuned for part 2 (Installing a Dekstop Environment)