This guide is for anyone who wants a fully bootable, snapshot-capable Arch Linux system with Secure Boot enabled. It’s aimed at users who:
- Prefer using
archinstallfor faster setup rather than manual partitioning, especially if facing time sync / NTP issues during install. - Want a Btrfs root with subvolumes for easy snapshots and rollbacks.
- Need guidance on Secure Boot key management using
sbctl. - Appreciate clear, step-by-step instructions and practical examples rather than theoretical documentation.
⚠️ If you are following this guide, read everything before starting, verify compatibility with your system, and consult the ArchWiki for tool-specific details.sbctlcarries the highest risk if misused.
⚠️ Warning: This is a guide for myself so I don't forget the steps I did on my own PC. If you follow it, please read everything first and make sure your system matches the assumptions in this guide. The only tool I give a serious disclaimer for issbctlbecause improper use can brick your system.
This guide is broken into stages that reflect the actual install flow I used. Each section builds on the previous one, starting with pre-install fixes and ending in a fully bootable, snapshot-capable Arch Linux system.
🔧 Start with
1. PreSetup— if you skip that, time sync or keyring issues may causearchinstallor package installs to fail.
-
Get your system ready for a smooth Arch installation by fixing time sync issues, disabling Secure Boot temporarily, and initializing Pacman's keyring.
-
Edit Timesync Configuration (Prevents time-related install failures due to blocked NTP servers)
-
Enable and Sync Time (Ensures system clock is accurate — required for HTTPS and secure installs)
-
Update Pacman Keys (Avoids signature verification errors during package installs)
-
-
-
Manual partitioning and subvolume creation
-
GRUB setup and Secure Boot using
sbctl -
Includes
/swapsubvolume and swapfile at/swap/swapfile
-
-
3. SecureBoot on Arch using SBCTL
-
Signing kernel and EFI binaries
-
Key creation and firmware enrollment
-
Troubleshooting quirks
-
-
4. Btrfs Snapshots and Rollbacks
-
Automatic and manual snapshot creation
-
GRUB boot entry integration optional
-
Pacman integration with
snap-pac
-
| Device | Size | Type | Mount Point | Description |
|---|---|---|---|---|
| /dev/sda1 | 500MB | FAT32 | /boot/efi |
EFI partition (GRUB) |
| /dev/sda2 | 1GB | ext4 | /boot |
Kernel + GRUB files |
| /dev/sda3 | ~2TB | Btrfs | / |
Main Btrfs volume |
| Subvolume | Mount Point | Purpose |
|---|---|---|
@ |
/ |
Root filesystem |
@home |
/home |
User data |
@log |
/var/log |
Logs |
@pkg |
/var/cache/pacman/pkg |
Pacman cache |
@snapshots |
/.snapshots |
Snapper-managed snapshots |
@swap |
/swap |
Swapfile stored here |
-
Subvolume:
@swap -
Mount point:
/swap -
Swap file path:
/swap/swapfile -
Created using
fallocate+chattr +Cto disable COW