This guide will set up an Arch Linux system with an encrypted partition using LUKS containing logical volumes for swap, root, and home using LVM.

This is a basic guide for myself to reference. For a more in-depth guide go to the LVM on Luks section in the arch wiki encrytion guide.

Below is an example of the disk layout:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

+----------------++-----------------------------------------------------------------------+ 
| Boot partition || Logical volume 1      | Logical volume 2      | Logical volume 3      |
|                ||                       |                       |                       | 
| /boot          || [SWAP]                | /                     | /home                 |
|                ||                       |                       |                       |
|                || /dev/MyVolGroup/swap  | /dev/MyVolGroup/root  | /dev/MyVolGroup/home  |
| (may be on     ||_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|
| other device)  ||                                                                       |
|                ||                         LUKS2 encrypted partition                     | 
| /dev/sda1    	 ||                           /dev/sda2                                   | 
+----------------++-----------------------------------------------------------------------+
Mount PointPartitionLogical VolumeTypeFile SystemSize
/mnt/boot/dev/partition1none(not encrypted)EFI system partitionfat321G
[swap]/dev/partition2/dev/MyVolGroup/swapLinux swapswap16G
/mnt/dev/partition2/dev/MyVolGroup/rootLinux rootbtrfs200G
/mnt/home/dev/partition2/dev/MyVolGroup/homeLinux homebtrfsRemainder

1. Creating the GPT partition table

List the available drives and create the partition table:

1
2

lsblk
cfdisk /dev/disk

2. Preparing the disk

Create and open the LUKS encrypted container that will contain the logical volumes:

1
2

cryptsetup luksFormat /dev/partition2
cryptsetup open /dev/partition2 cryptlvm

3. Preparing the logical volumes

Create a physical volume on top of the opened LUKS container:

1

pvcreate /dev/mapper/cryptlvm

Create a volume group and add the previously created physical volume to it:

1

vgcreate MyVolGroup /dev/mapper/cryptlvm

Create all your logical volumes on the volume group:

1
2
3

lvcreate -L 16G MyVolGroup -n swap
lvcreate -L 200G MyVolGroup -n root
lvcreate -l 100%FREE MyVolGroup -n home

Format your file systems on each logical volume:

1
2
3

mkfs.btrfs /dev/MyVolGroup/root
mkfs.btrfs /dev/MyVolGroup/home
mkswap /dev/MyVolGroup/swap

Mount your file systems:

1
2
3

mount /dev/MyVolGroup/root /mnt
mount --mkdir /dev/MyVolGroup/home /mnt/home
swapon /dev/MyVolGroup/swap

4. Preparing the boot partition

Create your file system for the boot partition:

1

mkfs.fat -F32 /dev/partition1

5. Configuration during system install

5.1 Packages

Install ‘cryptsetup lvm2’

5.3 Configuring mkinitcpio

Edit /etc/mkinitcpio.conf adding encrypt lvm2 to HOOKS:

1

HOOKS=(base udev autodetect modconf kms **keyboard** keymap consolefont block **encrypt** **lvm2** filesystems fsck)

Recreate mkinitcpio:

1

mkinitcpio -p

5.4 Boot loader (grub)

Exit chroot to get the UUID of the disks.

1
2

lsblk -f >> /mnt/etc/default/grub
arch-chroot /mnt

Edit /etc/default/grub and add the below to GRUB_CMLINE_DEFAULT:

1

cryptdevice=UUID=_device-UUID_:cryptlvm root=/dev/MyVolGroup/root

Generate grub config:

1

grub-mkconfig -o /boot/grub/grub.cfg