- Framework 13
- AMD Ryzen 7 AMD Ryzen 7 7840
- 16GB RAM
- 1Tb SSD
- Dongle usb-c with ETH
Boot up Arch Linux ISO and do the following:
- Device connected by ethernet interface
All configuration file modified are in src folder
loadkeys itip addrThe command should return
2: enp195s0f3u1u4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
inet 192.168.XXX.XXX/24 brd 192.168.12.255 scope global dynamic noprefixroute enp195s0f3u1u4
valid_lft 86395sec preferred_lft 86395sec
...
ping archlinux.orgI keep /home dir in separate partition and i would like set the disk like this:
1 EFI 512Mb
2 / 100Gb
3 /home 850Gb
fdisk /dev/nvme0n1With the following sequence of characters we will obtain the desired partitioning (I assume the disk has 512 byte sectors):
- Command: g
- Command: n
- Partition number:
- First sector:
- Last sector ...: 1046529
- Command: t
- Partition type or alias: 1 (set EFI type it's very important)
- Command: n
- Partition number:
- First sector:
- Last sector ...: 208664577
- Command: n
- Partition number:
- First sector:
- Last sector ...:
- Command: p (check if all partition have a right dimensioning)
- Command: w
To set the first EFI partition when fdisk is still open:
- t
- 1
- 1
- w
Warning
The first partition must be EFI type
mkfs.fat -F32 -n EFI /dev/nvme0n1cryptsetup luksFormat -h sha256 /dev/nvme0n1p2
or
cryptsetup luksFormat --type luks1 --use-random -S 1 -s 512 -h sha512 -i 5000 /dev/nvme0n1p2
cryptsetup luksHeaderBackup /dev/nvme0n1p2 --header-backup-file /root/system-header-backup.img
cryptsetup open /dev/nvme0n1p2 system
mkfs.ext4 -L system /dev/mapper/systemcryptsetup luksFormat -h sha256 /dev/nvme0n1p3
or
cryptsetup luksFormat --type luks1 --use-random -S 1 -s 512 -h sha512 -i 5000 /dev/nvme0n1p3
cryptsetup luksHeaderBackup /dev/nvme0n1p3 --header-backup-file /root/home-header-backup.img
cryptsetup open /dev/nvme0n1p3 home
mkfs.ext4 -L home /dev/mapper/homemount LABEL=system /mnt
mkdir /mnt/boot
mkdir /mnt/home
mount LABEL=EFI /mnt/boot
mount LABEL=home /mnt/homepacstrap /mnt base linux linux-firmware vimreflector -c it > /mnt/etc/pacman.d/mirrorlistgenfstab -L /mnt >> /mnt/etc/fstabcp /root/system-header-backup.img /mnt/root
cp /root/home-header-backup.img /mnt/rootarch-chroot /mntln -sf /usr/share/zoneinfo/Europe/Rome /etc/localtimevim /etc/locale.genExaple uncomment:
en_GB.UTF-8 UTF-8
locale-genvim /etc/locale.conf
Exaple:
LANG="en_GB.UTF-8"
LANGUAGE="en_GB.UTF-8"
LC_ALL="en_GB.UTF-8"
LC_COLLATE="C.UTF-8"
LC_CTYPE="C.UTF-8"
hwclock --systohcvim /etc/vconsole.confExaple set: KEYMAP=it
vim /etc/hostnameExaple set: XXXX-linux
vim /etc/hostsExample set:
127.0.0.1 localhost
127.0.1.1 XXXX-linux.local XXXX-linux
pacman -S wpa_supplicant networkmanager
systemctl enable NetworkManager(Optional)
pacman -S mc
vim /etc/profile.d/editor.shSet:
EDITOR=/usr/bin/mcedit
vim /etc/mkinitcpio.conf Insert the follow config:
HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems resume fsck)
Warning
Maintain the right module sequengce
pacman -S amd-ucodemkinitcpio -p linuxbootctl installvim /boot/loader/loader.confInsert the follow config:
default arch*.conf
timeout 5
editor false
console-mode auto
vim /boot/loader/entries/arch.confInsert the follow config:
title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system acpi_osi="!Windows 2000" amdgpu.sg_display=0 nowatchdog rw
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
vim /boot/loader/entries/arch-fallback.confInsert the follow config:
title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux-fallback.img
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system acpi_osi="!Windows 2000" amdgpu.sg_display=0 nowatchdog rw
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
passwdexit
rebootLogin with root user
If necessary set keyboard map
localectl set-keymap ittimedatectl set-ntp 1useradd -m wheel,storage -G johndoe
passwd johndoepacman -S cronie apparmor avahi nss-mdns reflector sudo ntp logrotate
systemctl enable cronie apparmor avahi-daemon reflector ntpd
systemctl start cronie apparmor avahi-daemon reflector ntpdSet DNS Multicast in Name Service Switch congihuration file
vim /etc/nsswitch.confEdit hosts key like this:
hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dnsloadk
Add user to sudoers
vim /etc/sudoers.d/johndoeInsert the follow row:
johndoe ALL=(ALL:ALL) ALL
vim /boot/loader/entries/arch.confUpdate the follow config:
options rd.luks.name=</dev/disk/by-uuid>=system ... lsm=landlock,lockdown,yama,intergrity,apparmor,bpf rw
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
vim /boot/loader/entries/arch-fallback.confUpdate the follow config:
options rd.luks.name=</dev/disk/by-uuid>=system ... lsm=landlock,lockdown,yama,intergrity,apparmor,bpf rw
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
(Optional)
vim /boot/loader/entries/arch.confUpdate the follow config:
options rd.luks.name= ... net.ifnames=0
vim /boot/loader/entries/arch-fallback.confUpdate the follow config:
options rd.luks.name= ... net.ifnames=0
vim /etc/sysctl.d/99-udisk2.rulesAdd:
# UDISKS_FILESYSTEM_SHARED
# ==1: mount filesystem to a shared directory (/media/VolumeName)
# ==0: mount filesystem to a private directory (/run/media/$USER/VolumeName)
# See udisks(8)
ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1"
Check if tpm2 has been detected
systemd-cryptenroll --tpm2-device=listthen
systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+7" /dev/nvme0n1p2
systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+7" /dev/nvme0n1p3(Optional)
EDITOR=/usr/bin/mcedit systemctl edit user@serviceAdd:
[Service]
ManagedOOMMemoryPressure=kill
ManagedOOMMemoryPressureLimit=50%
EDITOR=/usr/bin/mcedit systemctl edit user.sliceAdd:
[Slice]
ManagedOOMSwap=kill
mcedit /etc/systemd/system.confAdd:
[Manager]
DefaultCPUAccounting=yes
DefaultIOAccounting=yes
DefaultMemoryAccounting=yes
DefaultTasksAccounting=yes
mcedit /etc/systemd/oomd.confAdd:
SwapUsedLimit=90%
DefaultMemoryPressureDurationSec=20s
systemctl enable --now systemd-oomd
systemctl daemon-reloadtouch /var/swap.img
chmod 600 /var/swap.img
swapoff /dev/mapper/server--vg-swap_1
mkswap /var/swap.img
swapon /var/swap.img
fallocate -l 16G /var/swap.img
chmod 600 /var/swap.img
swapoff /dev/mapper/server--vg-swap_1
mkswap /var/swap.img
swapon /var/swap.imgUpdate fstab
vim /etc/fstabAppend this:
/swap.img none swap defaults 0 0
systemctl daemon-reloadOptimize full ram utilization
vim /etc/sysctl.d/swap.conf Add:
vm.swappiness=20
vm.page-cluster=0
(Optional)
vim /etc/modules-load.d/zram.confAdd: zram
vim /etc/fstabAddppend:
/dev/zram0 none swap defaults,pri=100 0 0
vim /etc/udev/rules.d/99-zram.rulesAdd:
ACTION=="add", KERNEL=="zram0", ATTR{comp_algorithm}="lz4", ATTR{disksize}="4G", RUN="/usr/bin/mkswap -U clear /dev/%k", TAG+="systemd"
(Optional) for SSD Optimization
pacman -S fstrim
systemctl enable --now fstrim.timerthen edit
vim /boot/loader/entries/arch.confAdd:
options rd.luks.name=</dev/disk/by-uuid>=system ... rd.luks.options=discard
and edit
vim /boot/loader/entries/arch-fallback.confAdd:
options rd.luks.name=</dev/disk/by-uuid>=system ... rd.luks.options=discard
pacman -S profile-sync-daemon
systemctl --user enable psd --nowpacman -S smartmontools
systemctl enable smartd --nowecho "Hi you are logged" > /etc/motd(Optional)
pacman -S timeshiftAttach external drive and create snapshot
timeshift --create --snapshot 'clean-distr' --snapshot-device /dev/sda1vim /etc/udev/rules.d/99-lowbat.rules
Add this:
#Suspend the system when battery level drop to 5% or lower
SUBSTYSTEM=="power_supply", ATTR{status}="Discharging", ATTR{capacity}="[0-5]", RUN="/run/bin/systemctl hibernate"
pacman -S xorg-server xorg-xinit xterm xf86-video-amdgpu xarchiver network-manager-applet lightdm lightdm-gtk-greeter alsa-utils pulseaudio pavucontrol dbus xdg-dbus-proxy xdg-desktop-portal xdg-desktop-portal-gtk xdg-user-dirs xdg-utils ls man-db man-pages catfish gvfs xfce4-appfinder xfce4-battery-plugin xfce4-notifyd xfce4-panel xfce4-power-manager xfce4-pulseaudio-plugin xfce4-screensaver xfce4-screenshooter xfce4-session xfce4-settings xfce4-smartbookmark-plugin xfce4-systemload-plugin xfce4-terminal xfce4-timer-plugin xfce4-whiskermenu-plugin /etc/lightdm/lightdm.confAdd under [Seat:*]
greeter-session=lightdm-gtk-greeter
pacman -S bluez bluez-utils bluemanmanager pulseaudio-bluetooth
systemctl start bluetooh.service
systemctl enable bluetooh.servicepacman -S cups cups-pdf
systemctl enable cups
systemctl start cupsYou have to do this only one time if installed on your Framework 13 AMD a firmware older than 01000330
wget (https://archive.archlinux.org/packages/f/fwupd/fwupd-1.9.5-2-x86_64.pkg.tar.zst)
wget (https://github.com/FrameworkComputer/linux-docs/raw/main/goodix-moc-609c-v01000330.cab)
pacman -U fwupd-1.9.5-2-x86_64.pkg.tar.zst
fwupdtool install --allow-reinstall --allow-older goodix-moc-609c-v01000330.cab
fwupdtool get-historyThis operation will return an error as reported in the link but eventually the firmware should be updated:
(https://knowledgebase.frame.work/en_us/updating-fingerprint-reader-firmware-on-linux-for-13th-gen-and-amd-ryzen-7040-series-laptops-HJrvxv_za)
rebootvim /etc/pam.d/system-login
vim /etc/pam.d/xfce4-screensaver
vim /etc/pam.d/system-authAdd this in the first position may must be placed after #%PAM-1.0:
auth sufficient pam_fprintd.so pacman -S base-devel cmake git gdbTODO
pacman -S power-profiles-daemon
systemctl start power-profiles-daemon.service
systemctl enable power-profiles-daemon.service- (https://wiki.archlinux.org/title/laptop)
- (https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate)
- (https://community.frame.work/t/arch-linux-on-the-framework-laptop/3843)
- (https://wiki.archlinux.org/title/Framework_Laptop_13#Graphics)
- (https://wiki.archlinux.org/title/installation_guide)
- (https://gist.github.com/orhun/02102b3af3acfdaf9a5a2164bea7c3d6)
- (https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#Simple_encrypted_root_with_TPM2_and_Secure_Boot)
- (https://wiki.archlinux.org/title/dm-crypt/Device_encryption)
A big thank you to orhun who thanks to his guide gave me inspiration for this