- Framework 13
- AMD Ryzen 7 AMD Ryzen 7 7840
- 16GB RAM
- 1Tb SSD
Boot up Arch Linux ISO and do the following:
- Device connected by ethernet interface
All configuration file modified are in src folder
loadkeys it
ip addr
the command should return
2: enp195s0f3u1u4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
inet 192.168.XXX.XXX/24 brd 192.168.12.255 scope global dynamic noprefixroute enp195s0f3u1u4
valid_lft 86395sec preferred_lft 86395sec
...
ping archlinux.org
I keep /home dir in separate partition and i would like set the disk like this:
1 EFI 512Mb
2 / 100Gb
3 /home 850Gb
fdisk /dev/nvme0n1
With the following sequence of characters we will obtain the desired partitioning (I assume the disk has 512 byte sectors):
- Command: g
- Command: n
- Partition number:
- First sector:
- Last sector ...: 1046529
- Command: t
- Partition type or alias: 1 (set EFI type it's very important)
- Command: n
- Partition number:
- First sector:
- Last sector ...: 208664577
- Command: n
- Partition number:
- First sector:
- Last sector ...:
- Command: p (check if all partition have a right dimensioning)
- Command: w
Warning
The first partition must be EFI type
mkfs.fat -F32 -n EFI /dev/nvme0n1
cryptsetup luksFormat -h sha256 /dev/nvme0n1p2
or
cryptsetup luksFormat --type luks1 --use-random -S 1 -s 512 -h sha512 -i 5000 /dev/nvme0n1p2
cryptsetup luksHeaderBackup /dev/nvme0n1p2 --header-backup-file /root/system-header-backup.img
cryptsetup open /dev/nvme0n1p2 system
mkfs.ext4 -L system /dev/mapper/system
cryptsetup luksFormat -h sha256 /dev/nvme0n1p3
or
cryptsetup luksFormat --type luks1 --use-random -S 1 -s 512 -h sha512 -i 5000 /dev/nvme0n1p3
cryptsetup luksHeaderBackup /dev/nvme0n1p3 --header-backup-file /root/home-header-backup.img
cryptsetup open /dev/nvme0n1p3 home
mkfs.ext4 -L home /dev/mapper/home
mount LABEL=system /mnt
mkdir /mnt/boot
mkdir /mnt/home
mount LABEL=EFI /mnt/boot
mount LABEL=home /mnt/home
pacstrap /mnt base linux linux-firmware vim
reflector -c it > /etc/pacman.d/mirrorlist
genfstab -L /mnt >> /mnt/etc/fstab
cp /root/system-header-backup.img /mnt/root
cp /root/home-header-backup.img /mnt/root
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/Europe/Rome /etc/localtime
hwclock --systohc
vim /etc/locale.gen
exaple uncomment: en_GB.UTF-8 UTF-8
locale-gen
vim /etc/vconsole.conf
exaple set: KEYMAP=it
vim /etc/hostname
exaple set: XXXX-linux
vim /etc/hosts
example set:
127.0.0.1 localhost
127.0.1.1 XXXX-linux.local XXXX-linux
pacman -S wpa_supplicant networkmanager
systemctl enable NetworkManager
(Optional)
pacman -S mc
vim /etc/profile.d/editor.sh
set:
EDITOR=/usr/bin/mcedit
vim /etc/mkinitcpio.conf
insert the follow config:
HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems resume fsck)
Warning
Maintain the right module sequengce
pacman -S amd-ucode
mkinitcpio -p linux
bootctl install
vim /boot/loader/loader.conf
insert the follow config:
default arch*.conf
timeout 5
editor yes
console-mode auto
vim /boot/loader/entries/arch.conf
insert the follow config:
title Arch Linux
linux /vmlinuz-linux
initrd /[CPU-ARCHITECTURE]-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system amdgpu.sg_display=0 acpi_osi="!Windows 2000" rw splash
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
vim /boot/loader/entries/arch-fallback.conf
insert the follow config:
title Arch Linux
linux /vmlinuz-linux
initrd /-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system amdgpu.sg_display=0 acpi_osi="!Windows 2000" rw splash
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
passwd
exit
reboot
Login with root user
If necessary set keyboard map
localectl set-keymap it
timedatectl set-ntp 1
useradd -m wheel,storage -G johndoe
passwd johndoe
pacman -S cronie apparmor avahi nss-mdns reflector sudo ntp logrotate
systemctl enable cronie apparmor avahi-daemon reflector ntpd
systemctl start cronie apparmor avahi-daemon reflector ntpd
Set DNS Multicast in Name Service Switch congihuration file
vim /etc/nsswitch.conf
Edit hosts key like this:
hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dnsloadk
Add user to sudoers
vim /etc/sudoers.d/johndoe
Insert the follow row:
johndoe ALL=(ALL:ALL) ALL
vim /boot/loader/entries/arch.conf
Update the follow config:
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system amdgpu.sg_display=0 acpi_osi="!Windows 2000" lsm=landlock,lockdown,yama,integrity,apparmor,bpf rw splash
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
vim /boot/loader/entries/arch-fallback.conf
Update the follow config:
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system amdgpu.sg_display=0 acpi_osi="!Windows 2000" lsm=landlock,lockdown,yama,integrity,apparmor,bpf rw splash
Warning
Substitute this </dev/disk/by-uuid> with right uuid partition identifier
#touch /var/swap.img
#chmod 600 /var/swap.img
fallocate -l 16G /var/swap.img
#swapoff /dev/mapper/server--vg-swap_1
#mkswap /var/swap.img
#swapon /var/swap.img
Update fstab
vim /etc/fstab
Append this:
/swap.img none swap defaults 0 0
systemctl daemon-reload
Optimize full ram utilization
vim /etc/sysctl.d/swap.conf
Add: vm.swappiness=20 vm.page-cluster=0
(optional)
vim /etc/modules-load.d/zram.conf
Add: zram
vim /etc/fstab
Add: ... dev/zram0 none swap defaults,pri=100 0 0
vim /etc/sysctl.d/99-zram.rules
Add: ACTION=="add", KERNEL=="zram0", ATTR{comp_algorithm}="zstd", ATTR{disksize}="4G", RUN="/usr/bin/mkswap -U clear /dev/%k", TAG+="systemd"
(optional)
vim /boot/loader/entries/arch.conf
Update the follow config:
options rd.luks.name= ... net.ifnames=0
vim /boot/loader/entries/arch-fallback.conf
Update the follow config:
options rd.luks.name= ... net.ifnames=0
vim /etc/sysctl.d/99-udisk2.rules
Add:
# UDISKS_FILESYSTEM_SHARED
# ==1: mount filesystem to a shared directory (/media/VolumeName)
# ==0: mount filesystem to a private directory (/run/media/$USER/VolumeName)
# See udisks(8)
ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1"
Check if tpm2 has been detected
systemd-cryptenroll --tpm2-device=list
then
systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+7" /dev/nvme0n1p2
systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs "1+7" /dev/nvme0n1p3
(optional) for SSD Optimization
systemctl enable --now fstrim.timer
then edit
vim /boot/loader/entries/arch.conf
Add:
options rd.luks.name=</dev/disk/by-uuid>=system rd.luks.name=</dev/disk/by-uuid>=home root=/dev/mapper/system amdgpu.sg_display=0 acpi_osi="!Windows 2000" rw splash rd.luks.options=discard
pacman -S profile-sync-daemon
systemctl --user enable psd --now
(optional)
pacman -S timeshift
Attach external drive and create snapshot
timeshift --create --snapshot 'clean-distr' --snapshot-device /dev/sda1
vim /etc/udev/rules.d/99-lowbat.rules
Add this:
#Suspend the system when battery level drop to 5% or lower
SUBSTYSTEM=="power_supply", ATTR{status}="Discharging", ATTR{capacity}="[0-5]", RUN="/run/bin/systemctl hibernate"
pacman --needed -S xorg-server xorg-xinit xterm xf86-video-amdgpu xfce4 xfce4-goodies xarchiver network-manager-applet lightdm lightdm-gtk-greeter alsa-utils pulseaudio pavucontrol dbus xdg-desktop-portal-xapp xdg-desktop-portal-gtk xdg-user-dirs xdg-dbus-proxy xdg-utils man-db man-pages catfish gvfs
pacman -Rncsu xfburn xfce4-notes-plugin parole xfce4-dict
/etc/lightdm/lightdm.conf
Add under [Seat:*]
greeter-session=lightdm-gtk-greeter
pacman -S bluez bluez-utils bluemanmanager pulseaudio-bluetooth
systemctl start bluetooh.service
systemctl enable bluetooh.service
pacman -S cups cups-pdf
systemctl enable cups
systemctl start cups
You have to do this only one time if installed on your Framework 13 AMD a firmware older than 01000330
wget (https://archive.archlinux.org/packages/f/fwupd/fwupd-1.9.5-2-x86_64.pkg.tar.zst)
wget (https://github.com/FrameworkComputer/linux-docs/raw/main/goodix-moc-609c-v01000330.cab)
pacman -U fwupd-1.9.5-2-x86_64.pkg.tar.zst
fwupdtool install --allow-reinstall --allow-older goodix-moc-609c-v01000330.cab
fwupdtool get-history
This operation will return an error as reported in the link but eventually the firmware should be updated:
(https://knowledgebase.frame.work/en_us/updating-fingerprint-reader-firmware-on-linux-for-13th-gen-and-amd-ryzen-7040-series-laptops-HJrvxv_za)
reboot
vim /etc/pam.d/system-login
vim /etc/pam.d/xfce4-screensaver
vim /etc/pam.d/system-auth
Add this in the first position may must be placed after #%PAM-1.0:
auth sufficient pam_fprintd.so
pacman -S base-devel cmake git gdb
TODO
pacman -S power-profiles-daemon
systemctl start power-profiles-daemon.service
systemctl enable power-profiles-daemon.service
- (https://wiki.archlinux.org/title/laptop)
- (https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate)
- (https://community.frame.work/t/arch-linux-on-the-framework-laptop/3843)
- (https://wiki.archlinux.org/title/Framework_Laptop_13#Graphics)
- (https://wiki.archlinux.org/title/installation_guide)
- (https://gist.github.com/orhun/02102b3af3acfdaf9a5a2164bea7c3d6)
- (https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#Simple_encrypted_root_with_TPM2_and_Secure_Boot)
- (https://wiki.archlinux.org/title/dm-crypt/Device_encryption)
A big thank you to orhun who thanks to his guide gave me inspiration for this