--- title: "Thinkpad E495 Arch Linux install" date: 2020-02-17T22:32:16-07:00 tags: - linux - laptop - install - hardware draft: false --- Gnupg to work with smart card needed to install pcsclite and ccid, enable/start pcscd.socket For custom fpass to work needed to copy customized fzf,bash and pass to correct locations. need to create a package build for this I got this decent piece of hardware a week earlier than expected, so it was a good thing that I had already ordered the hardware upgrades I wanted, those only arrived the day before the laptop. Since I had already installed [Arch Linux](https://www.archlinux.org/) on the 1TB NVME upgrade drive, the first thing I did was boot from that NVME enclosure to test my install on the actual hardware, I knew the install worked from booting on VirtualBox, but also to see if the e495 could boot from an external NVME enclosure. It did, unlike my [Yoga 2 Pro](https://en.wikipedia.org/wiki/Lenovo_Yoga_2_Pro). Once I had verified that the laptop booted my install I started with the upgrade process. ### Firmware and OEM Windows 10 Updates During my research for this laptop I discovered that lenovo has not added it to the [Linux Vendor Firmware Service](https://fwupd.org/), kind of a bummer and able to be worked around. Also since this is a Ryzen laptop it is very imperative to be running the most [recent UEFI firmware](https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-edge-laptops/thinkpad-e495-type-20ne/downloads/driver-list/). Another issue is that my studies at OU require use of software that only runs on Windows, so I wanted to test the software and get windows updated as well. To that end I spent a whole day running Windows update and then using the Lenovo update service for the firmware. Once all those updates were completed I proceeded to dismantle the laptop and replace/upgrade the NVME, 2.5" SSD, and RAM. ### Arch Linux Install This install was pretty easy, didn't have to boot the new hardware from a live USB. Since the new NVME came before the laptop and I got a NVME external USB enclosure for the OEM NVME SSD to reside in, I just put the new NVME in there and did the install, mostly, from my yoga 2 pro which is already running Arch. First step was to decide on a partition scheme and filesystems. I decided to encrypt the whole system, to make things simple, the partitions scheme is: ``` Partition Mount Point filesystem options nvme1 /boot/esp FAT32 nvme2 /boot ext4 nvme3 / btrfs dm-crypt with luks, compress=zstd subvolumes for /home / swap sda1 /home/ewpt3ch/data btrfs dm-crypt with luks and keyfile, subvols for media and vms ``` [dm-crypt](https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system) is the most appropriate option for my attack surface, prevent access to my data if the system is lost or stolen. The second drive is also encypted and listed in crypttab with a keyfile stored in /etc/drive-keys, I figure if someone gets into the root partition it's already game over. I' still looking into using the TPMS somehow to automatically decrypt the drive or use a solokey or some other hardware token instead. If it's present decrypt, if not ask for a password. Currently it's just a password. Notice there is no swap partition. In order to keep things simple, we're using [swap files with systemd-swap](https://github.com/Nefelim4ag/systemd-swap). I thought BTRFS didn't support swap files, well that is not longer true according to [Arch Wiki](https://wiki.archlinux.org/index.php/Btrfs#Swap_file), [this pull request](https://github.com/Nefelim4ag/systemd-swap/pull/92), and [BTRFS FAQ](https://btrfs.wiki.kernel.org/index.php/FAQ#Does_btrfs_support_swap_files.3F).