Configure systemd
Once you have installed Arch Linux, you need to change how the system boots. We will be using systemd because it can automatically detect your system partitions and is aware of the TPM for decryption. While it is possible to configure your system otherwise, this is out of the scope of this document.
Assuming you chose the option to perform additional configuration at the end of archinstall you can skip ahead to the next part of this page. If you rebooted, you will need to log in and elevate your permissions to administrative to continue. If you're in a desktop environment like Gnome or KDE, press the Super (Windows) key, and start typing terminal. Select the terminal application that it finds.
Once you are in a terminal window, elevate your privileges to root with the following command:
sudo -i
Important warning
It is important to follow these steps exactly, in particular the change to the HOOKS in /etc/mkinitcpio.conf, and the change to /etc/kernel/cmdline. Doing either of these steps incorrectly can leave your computer in a state where it will no longer be able to boot Arch. While it is possible to undo this error, that is outside of the scope of this document: As we're dealing with a fresh install of the system, I advise reinstalling instead as it is much simpler.
Change /etc/mkinitcpio.conf to build an image with systemd
Open the file /etc/mkinitcpio.conf in the Nano editor.
nano /etc/mkinitcpio.conf
I have chosen nano for this guide because it is easier to pick up for a new Linux user. All important keyboard shortcuts in nano will appear across the bottom of the screen, with the ^ indicating the CTRL key. For example, ^O is means CTRL-O, which is the shortcut to save the file you are working on. For more information, see nano crash course on Learn Linux TV's Youtube channel.
Find the line that begins HOOKS= in the file. You need to change the options here so that mkinitcpio will build a systemd image. It should look like this:
HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
Save the file, and quit nano.
Linux boots using what's called an initial ramdisk, or initrd for short. This is a small bootable system that contains the core system and drivers necessary for Linux to finish loading your system. The HOOKS line tells the system what it needs to include in this ramdisk: systemd, sd-vconsole, and sd-encrypt are the key options that need to change from the default, as they have everything necessary to automatically detect your encrypted partitions and decrypt them using the TPM. Where they appear in the line is critical: placing them in the wrong part of the line can cause your system to fail to boot. You may also see an option for btrfs in the line if you chose that file system: leave it in place. Remove any references to udev, usr, resume, keymap, consolefont, and encrypt if they are present: these are replaced by the systemd, sd-vconsole, and sd-encrypt entries. More information
Edit the kernel commandline
We need to change the Linux boot options, as the default configuration in a non-systemd system will cause systemd to be unable to detect your partitions correctly and boot. Edit the file /etc/kernel/cmdline
nano /etc/kernel/cmdline
Remove the cryptfs, root=, and rw options. These are not necessary with systemd, as it will automatically detect your system partitions. This is why partition type selection was so important during the installation, and is the reason that this guide is written for Arch instead of another system like Ubuntu or Fedora. Save the file and quit nano.
For reference, this is what my kernel cmdline file contains:
quiet
The quiet option tells Linux to suppress the wall of text that appears when you're booting. As an added bonus, this adds a nice Arch Linux splash screen which is embedded as part of building the Unified Kernel Image. There may be additional options if you selected btrfs as part of the installation: these still need to be present.
Build a new Linux initrd
Once you've made the needed changes to /etc/mkinitcpio.conf and /etc/kernel/cmdline, you need to build a new Unified Kernel Image. Do so with the following command:
mkinitcpio -P
Exit the arch chroot, and reboot
If you are still running under the archinstall steps, return to the install medium with the following command:
exit
Then, turn off your computer with the following command:
poweroff
Remove the USB drive from your computer, and power back on.
If you had already booted into the system after the install, then reboot using your desktop environment's menus.
If everything worked, your computer will boot normally, but it will still ask for a password to decrypt the hard drive. This is expected. The next step is to configure SecureBoot, which is covered in the next section.