merge legacy/bios and uefi install instructions

And remove old broken links.

INSTALL.md

@@ -1,14 +1,9 @@
 The following is a brief installation tutorial for [Arch Linux][1]. It assumes
-familiarity with the Arch [Beginner's Guide][2] and [Installation Guide][3].
+familiarity with the Arch [Installation Guide][2].
 
-It will provide a system with full-disk encryption using [LVM on LUKS][4].
-Two methods are presented here, the more traditional "BIOS mode", where
-there is no separate `/boot` partition. The entire installation is encrypted
-and booted via [Grub's crypto hooks][5].  The second method is "UEFI mode" which
-will use a GPT and show you how to make [separately-encrypted boot and root partitions][6],
-while only /boot/efi is left unecrypted.
-
-Use your system's setup interface to choose UEFI or legacy/BIOS mode as appropriate.
+It will provide a system with full-disk encryption using [LVM on LUKS][3],
+including an [encrypted `/boot`][4]. The system will be bootable via both UEFI and
+legacy BIOS.
 
 Note that this guide assumes you are performing the install to `/dev/sda`. In
 some cases, you may find that your USB install disk claimed `/dev/sda` and you
@@ -18,35 +13,30 @@ On some newer systems (e.g. Dell XPS 15), set SATA operation mode to AHCI.
 
 Boot into the Arch installer.
 
-If your console font is tiny ([HiDPI][7] systems), set a new font.
+If your console font is tiny ([HiDPI][5] systems), set a new font.
 
     $ setfont sun12x22
 
 Connect to the Internet.
 
-Verify that the [system clock is up to date][8].
+Verify that the system clock is up to date.
 
     $ timedatectl set-ntp true
 
-(BIOS mode) Create a single partition for LUKS.
-
-    $ parted -s /dev/sda mklabel msdos
-    $ parted -s /dev/sda mkpart primary 2048s 100%
-
-(UEFI mode) Create partitions for EFI, boot, and root.
+Create partitions for legacy boot, EFI, and root.
 
     $ parted -s /dev/sda mklabel gpt
-    $ parted -s /dev/sda mkpart primary fat32 1MiB 513MiB
-    $ parted -s /dev/sda set 1 boot on
-    $ parted -s /dev/sda set 1 esp on
-    $ parted -s /dev/sda mkpart primary 513MiB 100%
-    $ mkfs.vfat -F32 /dev/nvme0n1p1
+    $ parted -s /dev/sda mkpart primary 2048s 2MiB
+    $ parted -s /dev/sda set 1 bios_grub on
+    $ parted -s /dev/sda mkpart primary fat32 2MiB 515MiB
+    $ parted -s /dev/sda set 2 boot on
+    $ parted -s /dev/sda set 2 esp on
+    $ parted -s /dev/sda mkpart primary 540MiB 100%
 
-Create and mount the encrypted root filesystem. Note that for UEFI systems
-this will be partition 3.
+Create and mount the encrypted root filesystem.
 
-    $ cryptsetup luksFormat --type luks1 /dev/sda1
-    $ cryptsetup luksOpen /dev/sda1 lvm
+    $ cryptsetup luksFormat --type luks1 /dev/sda3
+    $ cryptsetup luksOpen /dev/sda3 lvm
     $ pvcreate /dev/mapper/lvm
     $ vgcreate arch /dev/mapper/lvm
     $ lvcreate -L 8G arch -n swap
@@ -57,32 +47,26 @@ this will be partition 3.
     $ mount /dev/mapper/arch-root /mnt
     $ swapon /dev/mapper/arch-swap
 
-(UEFI mode) Encrypt the boot partition using a separate passphrase from
-the root partition, then mount the boot and EFI partitions.
+Format and mount the EFI partition.
 
-    $ cryptsetup luksFormat --type luks1 /dev/sda2
-    $ cryptsetup luksOpen /dev/sda2 cryptboot
-    $ mkfs.ext4 /dev/mapper/cryptboot
-    $ mkdir /mnt/boot
-    $ mount /dev/mapper/cryptboot /mnt/boot
-    $ mkdir /mnt/boot/efi
-    $ mount /dev/sda1 /mnt/boot/efi
+    $ mkdir /mnt/efi
+    $ mkfs.fat -F32 /dev/sda2
+    $ mount /dev/sda2 /mnt/efi
 
-Optionally [edit the mirror list][9].
+Optionally edit the mirror list.
 
     $ vi /etc/pacman.d/mirrorlist
 
-Install the [base system][10].
+Install the base system.
 
-    $ pacstrap -i /mnt base base-devel linux linux-firmware lvm2 dhcpcd net-tools wireless_tools dialog wpa_supplicant vi git grub ansible
-    (UEFI mode) $ pacstrap /mnt efibootmgr
+    $ pacstrap -i /mnt base base-devel linux linux-firmware lvm2 dhcpcd net-tools wireless_tools dialog wpa_supplicant efibootmgr vi git grub ansible
 
-Generate and verify [fstab][11].
+Generate and verify fstab.
 
     $ genfstab -U -p /mnt >> /mnt/etc/fstab
     $ less /mnt/etc/fstab
 
-Change root into the base install and perform [base configuration tasks][12].
+Change root into the base install and perform base configuration tasks.
 
     $ arch-chroot /mnt /bin/bash
     $ export LANG=en_US.UTF-8
@@ -98,42 +82,26 @@ Change root into the base install and perform [base configuration tasks][12].
     $ systemctl enable dhcpcd.service
     $ passwd
 
-Set your mkinitcpio encrypt/lvm2 hooks and rebuild.
+Set your mkinitcpio encrypt/lvm2 hooks.
 
     $ sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 resume filesystems fsck)/' /etc/mkinitcpio.conf
-    $ mkinitcpio -p linux
 
-(BIOS mode) Add a keyfile to decrypt the root volume and properly set the hooks.
+Add a keyfile to decrypt the root volume and properly set the hooks.
 
     $ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
-    $ cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
+    $ cryptsetup luksAddKey /dev/sda3 /crypto_keyfile.bin
     $ chmod 000 /crypto_keyfile.bin
     $ sed -i 's/^FILES=.*/FILES=(\/crypto_keyfile.bin)/' /etc/mkinitcpio.conf
     $ mkinitcpio -p linux
 
-(UEFI mode) Add a keyfile to decrypt and mount the boot volume during startup.
-
-    $ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
-    $ cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
-    $ chmod 000 /crypto_keyfile.bin
-    $ echo "cryptboot /dev/sda2 /crypto_keyfile.bin luks" >> /etc/crypttab
-
 Configure GRUB.
 
     $ echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
-
-    # BIOS mode - set the UUID of the encrypted root device
-    $ ROOTUUID=$(blkid /dev/sda1 | awk '{print $2}' | cut -d '"' -f2)
-    $ sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID="$ROOTUUID":lvm:allow-discards resume=\/dev\/mapper\/arch-swap\"/" /etc/default/grub
-    $ grub-install /dev/sda
-    $ grub-mkconfig -o /boot/grub/grub.cfg
-    $ chmod -R g-rwx,o-rwx /boot
-
-    # UEFI mode - set the UUID of the encrypted root device
     $ ROOTUUID=$(blkid /dev/sda3 | awk '{print $2}' | cut -d '"' -f2)
     $ sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID="$ROOTUUID":lvm:allow-discards root=\/dev\/mapper\/arch-root resume=\/dev\/mapper\/arch-swap\"/" /etc/default/grub
+    $ grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck --removable
+    $ grub-install --target=i386-pc --recheck /dev/sda
     $ grub-mkconfig -o /boot/grub/grub.cfg
-    $ grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck
     $ chmod -R g-rwx,o-rwx /boot
 
 Cleanup and reboot!
@@ -146,14 +114,7 @@ Run ansible!
 
 
 [1]: https://www.archlinux.org/
-[2]: https://wiki.archlinux.org/index.php/Beginners'_guide
-[3]: https://wiki.archlinux.org/index.php/Installation_guide
-[4]: https://wiki.archlinux.org/index.php/Encrypted_LVM#LVM_on_LUKS
-[5]: http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
-[6]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29
-[7]: https://wiki.archlinux.org/index.php/HiDPI
-[8]: https://wiki.archlinux.org/index.php/Beginners'_guide#Update_the_system_clock
-[9]: https://wiki.archlinux.org/index.php/Beginners'_Guide#Select_a_mirror
-[10]: https://wiki.archlinux.org/index.php/Beginners'_Guide#Install_the_base_system
-[11]: https://wiki.archlinux.org/index.php/Beginners'_guide#Generate_an_fstab
-[12]: https://wiki.archlinux.org/index.php/Beginners'_guide#Configure_the_base_system
+[2]: https://wiki.archlinux.org/index.php/Installation_guide
+[3]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
+[4]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)
+[5]: https://wiki.archlinux.org/index.php/HiDPI