A comprehensive guide to setting up my Arch Linux from scratch.
- Prerequisites
- Installation
- AUR
- Chaotic AUR
- CachyOS Repo
- Adding Windows Partition to GRUB
- Essentials
- Bluetooth
- Fractional Scaling and Blur Fix on GNOME
- Mounting Windows
- Secure Boot Setup
- Additional Resources
- USB drive (4GB or larger)
- Arch Linux ISO image
- Internet connection
- Basic command line knowledge
Insert the USB drive and boot into the Arch live environment. You may need to adjust your BIOS/UEFI settings.
For WiFi:
iwctl
device list
station wlan0 scan
station wlan0 get-networks
# Replace wlan0 with your device name if different.
station wlan0 connect YOUR_SSID
exit
ping -c 3 archlinux.org
archinstall --advanced
Boot to Live USB and fix bootloader issues:
# BOOT TO LIVE USB
# Mount your root partition
sudo mount /dev/nvme0n1p5 /mnt
# Mount your boot partition
sudo mount /dev/nvme0n1p8 /mnt/boot
# Mount your EFI partition
sudo mount /dev/nvme0n1p1 /mnt/boot/efi
sudo arch-chroot /mnt
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg
exit
sudo reboot
To install AUR helpers like yay:
sudo pacman -S --needed git base-devel
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
Retrieving the primary key
sudo pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com
sudo pacman-key --lsign-key 3056513887B78AEB
Installing chaotic-keyring and chaotic-mirrorlist packages.
sudo pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'
sudo pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'
Append to /etc/pacman.conf:
[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist
Run a full system update:
sudo pacman -Syu
curl https://mirror.cachyos.org/cachyos-repo.tar.xz -o cachyos-repo.tar.xz
tar xvf cachyos-repo.tar.xz && cd cachyos-repo
sudo ./cachyos-repo.sh
To install the CachyOS kernel and optimizations:
sudo pacman -S cachyos-kernel-manager cachyos-hello cachyos-settings
# Install CachyOS kernel from the kernel manager.
sudo update-grub
To detect and add Windows partitions to GRUB for dual-boot:
sudo pacman -S os-prober
sudo os-prober
sudo nano /etc/default/grub
# Add or uncomment: GRUB_DISABLE_OS_PROBER=false
sudo pacman -S update-grub
sudo update-grub
sudo systemctl enable fstrim.timer
sudo pacman -S reflector
sudo reflector --latest 20 --sort rate --save /etc/pacman.d/mirrorlist
sudo pacman -S ufw
sudo ufw enable
sudo timedatectl set-ntp true
sudo pacman -S noto-fonts noto-fonts-cjk noto-fonts-emoji ttf-dejavu
sudo pacman -S flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
sudo pacman -S ttf-jetbrains-mono-nerd
sudo pacman -S bluez bluez-utils
sudo systemctl start bluetooth.service
sudo systemctl enable bluetooth.service
rfkill unblock bluetooth
gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']"
gsettings set org.gnome.mutter experimental-features '["scale-monitor-framebuffer", "xwayland-native-scaling"]'
sudo pacman -S ntfs-3g udisks2
sudo mkdir -p /mnt/windows
sudo nano /etc/fstab
# Add UUID=E2044FE3044FB975 /mnt/windows ntfs-3g rw,uid=1000,gid=1000,umask=0022,x-gvfs-show 0 0
sudo systemctl daemon-reload
sudo mount -a
sbctl is a user-friendly secure boot key manager capable of setting up secure boot, offering key management capabilities, and keeping track of files that need to be signed in the boot chain.
sudo pacman -S sbctl
If you are using GRUB, run the following command to enable secure boot support on GRUB using CA Keys.
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=cachyos --modules="tpm" --disable-shim-lock
Note
Loading unnecessary modules in your boot manager has the potential to present a security risk. Only run this command if you actually need secure boot.
First, go to the firmware settings and set the secure boot mode to “Setup Mode”. You can reboot from an already running system into the firmware settings with the following command.
systemctl reboot --firmware-setup
sudo sbctl status # If setup mode is enabled we can proceed to the next step
Installed: ✘ sbctl is not installed
Setup Mode: ✘ Enabled
Secure Boot ✘ Disabled
sudo sbctl create-keys # Create your custom secure boot keys
Created Owner UUID a9fbbdb7-a05f-48d5-b63a-08c5df45ee70
Creating secure boot keys...✔
Secure boot keys created!
sudo sbctl enroll-keys --microsoft # Enroll your keys with Microsoft's keys
Enrolling keys to EFI variables...✔
Enrolled keys to the EFI variables!
sudo sbctl status
# sbctl should now be installed, we can proceed to signing the kernel images and boot manager
Installed: ✔ sbctl is installed
Owner GUID: a9fbbdb7-a05f-48d5-b63a-08c5df45ee70
Setup Mode: ✔ Disabled
Secure Boot ✘ Disabled
Vendor Keys: microsoft
CachyOS provides sbctl-batch-sign, a script that takes the list of files needed to be signed from sudo sbctl verify and signs them all. Limine users should skip to Limine.
Caution
On systems with a separate /boot and /boot/efi partition layout, sbctl may only scan for EFI binaries in /boot/efi. This causes kernel images that are in /boot to not be detected. sbctl-batch-sign works around this by always scanning /boot for vmlinuz-* files.
sudo sbctl verify
Verifying file database and EFI images in /boot...
✘ /boot/1c4b5246eef05ac3bc87339323cd5101/6.10.0-cn4.0.fc40.x86_64/linux is not signed
✘ /boot/EFI/BOOT/BOOTX64.EFI is not signed
✘ /boot/EFI/systemd/systemd-bootx64.efi is not signed
✘ /boot/1c4b5246eef05ac3bc87339323cd5101/0-rescue/linux is not signed
✘ /boot/1c4b5246eef05ac3bc87339323cd5101/6.10.0-cn3.0.fc40.x86_64/linux is not signed
sudo sbctl-batch-sign
sudo sbctl verify
Verifying file database and EFI images in /boot...
✔ /boot/1c4b5246eef05ac3bc87339323cd5101/6.10.0-cn4.0.fc40.x86_64/linux is signed
✔ /boot/EFI/BOOT/BOOTX64.EFI is signed
✔ /boot/EFI/systemd/systemd-bootx64.efi is signed
✔ /boot/1c4b5246eef05ac3bc87339323cd5101/0-rescue/linux is signed
✔ /boot/1c4b5246eef05ac3bc87339323cd5101/6.10.0-cn3.0.fc40.x86_64/linux is signed
Now that all the files are signed, reboot your system and go to your UEFI settings to enable Secure Boot.
Note that this is a one-time process, as signing files with the -s flag will save those files to sbctl’s database.
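The gap described in the Caution above (kernel images in /boot that the sbctl scan never reports) can be checked from saved sbctl verify output before enabling Secure Boot. This is an added example, not part of sbctl or CachyOS; the function names are hypothetical and the line format is assumed to match the output shown above.

```shell
#!/bin/sh
# Added example (not sbctl or CachyOS code). Assumes the line format shown in
# the `sbctl verify` output above: "<mark> <path> is signed|is not signed".
# Typical use, with hypothetical file name verify.txt:
#   sudo sbctl verify >verify.txt 2>&1
#   boot_chain_fully_signed /boot verify.txt || echo "do not enable Secure Boot yet"

# Print every path that the verify output on stdin reports as "is not signed".
unsigned_from_verify() {
    sed -n 's|^[^/]*\(/.*\) is not signed$|\1|p'
}

# Print kernel images in the boot directory ($1, no trailing slash) that the
# saved verify output ($2) never mentions, signed or not. These are the files
# a scan limited to /boot/efi would silently skip.
kernels_missing_from_verify() {
    boot_dir=$1
    verify_file=$2
    for k in "$boot_dir"/vmlinuz-*; do
        [ -e "$k" ] || continue   # glob matched nothing
        # -F: literal match, so dots in the file name are not regex wildcards
        grep -qF -- " $k is " "$verify_file" || printf '%s\n' "$k"
    done
}

# Return 0 only when nothing is reported unsigned and every kernel image
# under the boot directory is accounted for in the verify output.
boot_chain_fully_signed() {
    boot_dir=$1
    verify_file=$2
    [ -z "$(unsigned_from_verify < "$verify_file")" ] &&
        [ -z "$(kernels_missing_from_verify "$boot_dir" "$verify_file")" ]
}
```

A kernel listed by kernels_missing_from_verify has not been checked at all, so it should be treated the same as an unsigned file until it appears in the verify output as signed.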
Last updated: 2026