2023-10-30

tuxedo infinitybook arch installation

This guide aims to install Arch Linux on a Tuxedo InfinityBook Pro Gen 8 laptop with GNOME 44 desktop environment.

pre-installation

Before commencing installation, here is a checklist of tasks to prepare for this exercise:

• Obtain the latest copy of Arch Linux ISO from its official download website
• Create a bootable USB from downloaded ISO
• Connect the laptop to the internet via its USB-C Ethenet dongle port
• Verify network connection by ping -c 5 archlinux.org
• Attach bootable USB and boot into BIOS menu by pressing "DEL" key
• Verify boot mode
• Make sure BIOS boot mode is set to UEFI instead of Legacy
• Disable Intel ME
• Change boot option to boot from USB
• Save changes in BIOS and then restart computer to boot into Arch linux shell

InfinityBook I/O ports are standardized across all of its own variants, and here is a diagram below for illustration:

                 ╭───────────────╮
        USB-C ╺╺▶│ Tuxedo        │<══ Power
    USB-A 3.0 ──>│ InfinityBook  │<── HDMI
      SD Card ══>│ Pro Gen 8     │◀╺╺ USB-A 3.0
    Headphone ╶╶>│               │◀╺╺ USB-C Thunderbolt
                 ╰───────────────╯

connecting to the internet

wired connection

InfinityBook comes with a wired internet port dongle. The dongle can only be connected to the non Thunderbolt USB-C port located on the left side of the laptop. See diagram above to locate available port.

wireless connection

In case wired connection is not available, to connect to a wireless network, boot into Arch Linux via the USB ISO and use the tool nmtui to configure wireless internet connection.

nmtui

Then follow the GUI to activate a wireless connection temporarily.

arch iso

There are 3 available I/O ports for plugging in the USB with Arch ISO: USB-A 3.0 on both sides and USB-C on the left side.

If notebook is using wired connection, Arch ISO will need to be flashed to a USB-A thumbdrive device. The other USB-C port is Thunderbolt, which doesn't work for USB with Bootable ISO.

installation

The installation section will cover:

• device partitioning with BTRFS
• subvolumes
• Luks encryption
• nvidia
• swapfile
• InfinityBook specific packages
• snapshots

verify boot mode

Verify boot mode is UEFI:

ls /sys/firmware/efi/efivars

The above command should output a list of efi variables if boot mode is indeed UEFI.

Once verified, proceed to the next step.

partitioning

InfinityBook has 1 single nvme SSD slot, so its storage device should be nvme0n1. Proceed next to partition device with cfdisk:

cfdisk /dev/nvme0n1

There are many ways to partition a disk, this guide will use a similar and popular partitioning strategy as Fedora with 2 main partitions in a 2T nvme drive as illustrated below:

NAME                   MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
nvme0n1                259:0    0     2T  0 disk
├─nvme0n1p1            259:1    0     1G  0 part  /mnt/boot
└─nvme0n1p2            259:2    0   1.8T  0 part
  └─root               253:0    0   1.8T  0 crypt /mnt/home
                                                  /mnt

cfdisk will prompt whether or not to use GPT or a different partitioning table format, choose GPT.

luks encryption

encrypt

Setup LUKS encryption on the filesystem partition:

cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/nvme0n1p2

Make sure to choose a strong passphrase for device encryption.

This will take some time to encrypt the partition, depending on the partition size.

decrypt

Once the process completes, decrypt the partition to proceed further into the guide:

cryptsetup luksOpen /dev/nvme0n1p2 root

formatting

The nvme0n1p1 EFI partition will use FAT32 format:

mkfs.fat -F32 /dev/nvme0n1p1

The nvme0n1p2 filesystem partition will use BTRFS format:

mkfs.btrfs /dev/mapper/root

subvolumes

Mount root onto the /mnt directory temporarily:

mount /dev/mapper/root /mnt

Then change to the new directory:

cd /mnt

Create root, home, and snapshots subvolumes:

btrfs subvolume create @
btrfs subvolume create @home

Verify the new subvolumes:

btrfs subvolume list /mnt

The 2 of them should be listed at level 5 (top level) as followed:

ID 256 gen 31804 top level 5 path @
ID 257 gen 31804 top level 5 path @home

Then return to the root directory of the USB installation medium:

cd

And then unmount root from /mnt:

umount /mnt

Mount the root subvolume:

mount -o noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvol=@ /dev/mapper/root /mnt

Create both home and boot folders under the /mnt directory:

mkdir /mnt/{home,boot,.snapshots}

Mount the home subvolume:

mount -o noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvol=@home /dev/mapper/root /mnt/home

Mount the boot subvolume:

mount /dev/nvme0n1p1 /mnt/boot

essential packages

Before running the pacstrap command, this is a good time to enable pacman for parallel download processes to speed up the installation.

Edit the /etc/pacman.conf file in the bootable USB Arch instance, uncomment the following flag to enable parallel downloads:

ParallelDownloads = 5

And then save and exit the editor on the file.

Next, update pacman's repository:

pacman -Syu

Next, run pacstrap to install Linux and other essential packages:

pacstrap /mnt base base-devel linux linux-firmware intel-ucode vim

If certain mirrors are not responsive, update mirror list located in /etc/pacman.d/mirrrolist by rearranging the order of the top most mirror with one that's responsive.

Next, generate filesystem tables and append to the end of fstab about how partitions, block devices, remote file systems are mounted:

genfstab -U /mnt >> /mnt/etc/fstab

Next, enter the installed system as root user:

arch-chroot /mnt

Edit /etc/mkinitcpio.conf to append btrfs to the MODULES parameter:

MODULES=(btrfs)

And then edit the hooks parameters as followed:

HOOKS=(base systemd autodetect modconf kms keyboard keymap consolefont block sd-encrypt btrfs filesystems fsck)

Next regenerate mkinitcpio:

mkinitcpio -P

swapfile

Swapfile is a more flexible solution than swap partition. So it is generally a good solution for personal devices due to its extremely low maintenance.

configure swapfile

First allocate a swapfile in the ROOT path:

A recommended size is 16GB for most home and school use cases. For RAM intensive workload, set the swap size to be slightly smaller than physical RAM size.

In this example below, the system has 64G RAM with 32G swap space, which is more than sufficient with almost all engineering tasks that a laptop can physically handle.

fallocate -l 32GB /swapfile

Update swapfile permission:

chmod 600 /swapfile

Make swap:

mkswap /swapfile

Turn on swap:

swapon /swapfile

configure swap in fstab

Add the following row to the end of the table /etc/fstab:

/swapfile none swap default 0 0

locales, languages

Edit locale under /etc/locale.gen by uncommenting the appropriate locale. For example uncomment the following according to the current example:

en_US.UTF-8 UTF-8
en_US ISO-8859-1

Generate the uncommented locale:

locale-gen

Create symlink to set local timezone (adjust to the device's local timezone appropriately):

ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime

Synchronize hardware clock:

hwclock --systohc

Create locale config file:

echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8

hostname, hosts, root password

Set hostname:

echo <hostname> > /etc/hostname

Edit the /etc/hosts file:

127.0.0.1 localhost
::1       localhost
127.0.1.1 <hostname>.localdomain <hostname>

Set a password for the root user:

passwd

enable multiple downloads

Similar to the pacman.conf on the Live system, edit the installed system's /etc/pacman.conf file to enable multiple downloads (the number 5 is arbitrary, choose an appropriate number according to the CPU cores):

ParallelDownloads = 5

create user

Create a non-root user:

useradd -mG wheel <user>

Set password for the non-root user:

passwd <user>

Enable sudo permission for the new user:

EDITOR=vim visudo

By uncommenting the following line:

%wheel ALL=(ALL) ALL

additional packages

There are additional packages that need to be installed for things to work on the laptop:

pacman -S git grub efibootmgr networkmanager network-manager-applet dialog \
linux-headers mtools wpa_supplicant dosfstools avahi reflector bluez \
bluez-utils cups xdg-user-dirs xdg-utils gvfs gvfs-smb nfs-utils inetutils \
dnsutils alsa-utils pipewire pipewire-alsa pipewire-pulse pipewire-jack \
bash-completion rsync sof-firmware nss-mdns os-prober tlp snapper \
bridge-utils dnsmasq vde2 ipset firewalld

Here are some packages that are commonly installed on other distros and considered to be handy but not required for Arch Linux:

pacman -S less man-db flatpak openssh

nvidia

If system comes with Nvidia graphics card, install the Nvidia drivers:

pacman -S nvidia nvidia-utils nvidia-settings

Nvidia GPU requires system to perform early loading for nvidia, nvidia_modeset, nvidia_uvm, and nvidia_drm. Otherwise, the machine will be stuck at the phase right after partition decryption.

For more information on how to handle system with Nvidia card, read this article from the Arch Wiki.

To enable these modules for boot, edit /etc/mkinitcpio.conf's modules:

MODULES=(btrfs nvidia nvidia_modeset nvidia_uvm nvidia_drm)

Then regenerate initramfs:

mkinitcpio -P

For driver modules that are defined directly in mkinitcpio.conf, whenever there are updates to the drivers, the system needs to regenerate initramfs.

To automate this process, supply a hook into /etc/pacman.d/hooks/nvidia.hook:

[Trigger]
Operation=Install
Operation=Upgrade
Operation=Remove
Type=Package
Target=nvidia
Target=linux
# Change the linux part above if a different kernel is used

[Action]
Description=Update NVIDIA module in initcpio
Depends=mkinitcpio
When=PostTransaction
NeedsTargets
Exec=/bin/sh -c 'while read -r trg; do case $trg in linux*) exit 0; esac; done; /usr/bin/mkinitcpio -P'

bootloader (systemd-boot)

Make sure /dev/nvme0n1p1 is mounted in /mnt/boot. If not, mount /dev/nvme0n1p1 /mnt/boot.

bootctl --path=/boot install

Edit /boot/loader/loader.conf:

Make sure the timeout is greater than 1 second, otherwise it's almost impossible to enter BIOS settings at boot time.

default arch
timeout 5

Create the arch.conf boot entry file:

touch /boot/loader/entries/arch.conf

UUID of cryptdevice can be found via blkid command. It may be easier to append the output of blkid to the end of the arch.conf file:

blkid >> /boot/loader/entries/arch.conf.

title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=<crypt-device-uuid>=root root=/dev/mapper/root rootflags=subvol=@ rw nvidia-drm.modeset=1 nvidia-drm.fbdev=1 rootfstype=btrfs

Create the arch-fallback.conf boot entry file:

touch /boot/loader/entries/arch-fallback.conf

title Arch Linux Fallback
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux-fallback.img
options rd.luks.name=<crypt-device-uuid>=root root=/dev/mapper/root rootflags=subvol=@ rw nvidia-drm.modeset=1 rootfstype=btrfs

Then unmount and reboot manually with poweroff:

exit
umount -R /mnt
poweroff

When machine powers back on with the bootable USB, decrypt the encrypted root device, and then re-mount /mnt, /mnt/boot, and /mnt/home, leaving /mnt/.snapshots unmounted, for now.

services

Enable systemd-boot and other services:

systemctl enable systemd-boot-update.service
systemctl enable NetworkManager
systemctl enable bluetooth
systemctl enable avahi-daemon
systemctl enable tlp
systemctl enable fstrim.timer
systemctl enable firewalld
systemctl enable cups

The following services may be optional, enable if needed:

systemctl enable sshd
systemctl enable reflector.service
systemctl enable reflector.timer

Verify boot list:

bootctl list

aur

There are a few popular package managers for AUR, one of which is paru. To install, run the following instructions:

git clone https://aur.archlinux.org/paru-bin
cd paru-bin
makepkg -si

infinitybook firmware packages

Once paru is installed, the system is now ready to receive InfinityBook specific firmware packages:

paru -S tuxedo-touchpad-switch

snapshots

One of the main reason for using btrfs is being able to take snapshots of the system. When system breaks, snapshots can provide a point in time to rollback to a working system.

Unmount and then remove the current snapshot directory if exists:

umount /.snapshots

rm -r /.snapshots

Enter to the root directory:

cd /

Configure snapper:

snapper -c root create-config /

The above command should recreate the /.snapshots directory. Once confirmed /.snapshots directory is created, mount the snapshots volume back at the /.snapshots mount point:

mount -a

Find the subvolume id of the newly created snapshots subvolume:

btrfs subvolume list /

Edit snapper config to grant user access in /etc/snapper/configs/root:

ALLOW_USERS="<user>"

Edit the timeline cleanup:

TIMELINE_MIN_AGE="1800"
TIMELINE_LIMIT_HOURLY="5"
TIMELINE_LIMIT_DAILY="7"
TIMELINE_LIMIT_WEEKLY="0"
TIMELINE_LIMIT_MONTHLY="0"
TIMELINE_LIMIT_YEARLY="0"

Enable both timeline and cleanup timers:

systemctl enable --now snapper-timeline.timer
systemctl enable --now snapper-cleanup.timer

Next install additional snapper related packages:

paru -S snapper-gui-git

post-installation

When Arch Linux is installed and working. The next step is install drivers and other packages that are specific to the Tuxedo InfinityBook S14/16 hardware as well as the GNOME Desktop environment.

optional - keyboard

InfinityBook can be configured with different physical keyboards. If laptop is configured with US ISO keyboard, Arch needs to use a different keymap that matches the physical keyboard.

Get a list of supported layout:

ls /usr/share/kbd/keymaps/**/*.map.gz

If keymaps are on the list, examine the layout of the keyboard with the Keyboard layout info website to find out if additional keymap is needed.

For example, the "US International" option from Tuxedo's configurator uses a "US Keymap" with "us-intl" variant.

Then change the layout to the appropriate one using loadkeys command, for example, setting us keymap for the current login session:

sudo loadkeys us

persisting keymap

Once the correct keymap is found, write its configuration to /etc/vconsole.conf to save the value so that it will not be reset back to default everytime system is rebooted:

KEYMAP=us-acentos

optional - tuxedo control center (tcc)

Tuxedo control center is a GUI application that allows user to change system profiles. TCC relies on the application menu to host its GUI components, meaning the system will need to install the AppIndicator and KStatusNotifierItem Support GNOME extension.

To install:

paru -S tuxedo-control-center-bin

desktop environment

To install GNOME desktop environment:

pacman -S gnome seahorse

Currently there is a bug in gnome-keyring, where it assumes its default keyring is named login, and some distributions such as Arch using a different default keyring name, it has been causing some issues with launching some desktop apps. To mitigate this issue, install seahorse and then make sure to supply a password keyring named as login. As for password, it is convenient to use the same one as current user.

Then select the list packages to install from the prompt.

After installing GNOME, enable its display manager to provide GUI for login sessions:

systemctl enable gdm

complete system installation

Run the following command in order to reboot the system:

exit
umount -R /mnt
reboot

optional - backup

Once confirmed system is fully operational. Create the first cold storage backup for the system. This can be done easily with an GUI application, such as "Déjá Dup Backups".

In terms of choice of cold storage, external SSDs are one of many popular choices.