If you want to encrypt your SSDs in a RAID-0 setup with systemd-boot, you will use LUKS (Linux Unified Key Setup) to encrypt the partitions. Here is a detailed guide on how to do this:

Prerequisites

Make sure you have followed the steps up to creating partitions and have mdadm installed.

Step-by-Step Guide

1. Prepare the Disks for Encryption

  1. Identify Disks:

    lsblk

  2. Create GPT Partition Tables on each SSD (/dev/sda, /dev/sdb, /dev/sdc):

    gdisk /dev/sda
# Command: o (create a new GPT partition table)
# Command: w (write changes and exit)

gdisk /dev/sdb
# Repeat the same steps

gdisk /dev/sdc
# Repeat the same steps

2. Create Partitions

  1. Create EFI System Partition (ESP) on the first SSD (/dev/sda):

    gdisk /dev/sda
# Command: n (new partition)
# Partition number: 1
# First sector: default
# Last sector: +512M
# Hex code or GUID: ef00

# Write changes
# Command: w

  2. Create RAID Partitions on all SSDs (/dev/sda, /dev/sdb, /dev/sdc):

    gdisk /dev/sda
# Command: n (new partition)
# Partition number: 2
# First sector: default
# Last sector: default (remaining space)
# Hex code or GUID: fd00

# Write changes
# Command: w

# Repeat the same steps for /dev/sdb and /dev/sdc

3. Set Up RAID-0

  1. Create RAID-0 Array:
    mdadm --create --verbose /dev/md0 --level=0 --raid-devices=3 /dev/sda2 /dev/sdb2 /dev/sdc2

4. Encrypt the RAID Array with LUKS

  1. Install cryptsetup:

    pacman -Sy cryptsetup

  2. Set Up LUKS Encryption:

    cryptsetup luksFormat /dev/md0

  3. Open the Encrypted Device:

    cryptsetup open /dev/md0 cryptarray

5. Create Filesystems

  1. Format EFI System Partition (ESP):

    mkfs.fat -F32 /dev/sda1

  2. Format the Encrypted RAID Array:

    mkfs.ext4 /dev/mapper/cryptarray

6. Mount Filesystems

  1. Mount the Encrypted RAID Array:

    mount /dev/mapper/cryptarray /mnt

  2. Create and Mount ESP:

    mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

7. Install Arch Linux Base System

  1. Install Base Packages:

    pacstrap /mnt base linux linux-firmware

  2. Generate fstab:

    genfstab -U /mnt >> /mnt/etc/fstab

8. Chroot and Configure the System

  1. Chroot into the new system:

    arch-chroot /mnt

  2. Set Time Zone:

    ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
hwclock --systohc

  3. Locale Configuration:

    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf

  4. Network Configuration:

    echo "myhostname" > /etc/hostname
echo "127.0.1.1 myhostname.localdomain myhostname" >> /etc/hosts

  5. Set Root Password:

    passwd

9. Configure Initramfs for LUKS and RAID

  1. Edit /etc/mkinitcpio.conf to include block, mdadm_udev, encrypt, and filesystems hooks:

    nano /etc/mkinitcpio.conf

    Modify the HOOKS line:

    HOOKS="base udev autodetect modconf block mdadm_udev encrypt filesystems keyboard fsck"

  2. Rebuild initramfs:

    mkinitcpio -P

10. Install and Configure systemd-boot

  1. Install systemd-boot:

    bootctl install

  2. Create a loader configuration file:

    mkdir -p /boot/loader/
nano /boot/loader/loader.conf

    Add the following lines to loader.conf:

    default arch
timeout 5
editor 0

  3. Create a boot entry:

    mkdir -p /boot/loader/entries/
nano /boot/loader/entries/arch.conf

    Add the following lines to arch.conf:

    title   Arch Linux
linux   /vmlinuz-linux
initrd  /initramfs-linux.img
options cryptdevice=UUID=$(blkid -s UUID -o value /dev/md0):cryptarray root=/dev/mapper/cryptarray rw

    Replace the UUID part with the actual UUID of /dev/md0:

    blkid /dev/md0

11. Reboot

  1. Exit Chroot and Unmount:
    exit
umount -R /mnt
reboot

Remove the USB drive and boot into your new Arch Linux installation. You should be prompted to enter your LUKS passphrase to unlock the RAID-0 array. If everything is configured correctly, systemd-boot will load Arch Linux from your encrypted RAID-0 setup.