Install Void Linux ARM64 on UEFI with Disk Encryption

· 524 words · 3 minute read

I recently needed to run an isolated VM on my Macbook. I wanted to work on the Mac where I would not leave any trace on it in case it went through a forensic analysis. So I decided to setup a Linux VM with an encrypted disk. This would allow me to operate in more or less isolation from the host Mac and not worry about disk image recovery after I delete it. Here are the instructions on how you, too, can set up a VM like this on your Mac. You will need UTM and an Apple Silicon Mac which is why all the fuss exists for ARM64.

First download and install UTM on your Mac. Then download the Void Linux base image for arm with glibc from the site. As of writing this post, I used void-live-aarch64-20250202-base.iso

Next, get the install script to setup the VM from this repo:

git clone [email protected]:sheran/voidvm-arm-efi-installer.git
cd voidvm-arm-efi-installer

Run a python web server in this directory so that the script is hosted:

python -m http.server 8008

Then create a new VM on UTM. I used pretty much all the defaults. Of course, set your memory, CPU cores and disk size to what it is you can afford to set. Attach the image you downloaded to the CDROM and boot it up and then login to the machine with username root and password voidlinux

Next, let’s install curl so that we can download the script we need to setup the machine:

xbps-install -Sy curl

Now, let’s get the IP address of the gateway which is also the host that is running the python server. If you used the Void Linux image and your networking was configured, run:

ip route show default

And you should see something like this:

default via 192.168.64.1 dev eth0 proto dhcp src 192.168.68.58 metric 1002

In this case, my default gateway is 192.168.64.1

Finally, we run curl and pipe it to sh:

curl -fsSL http://192.168.64.1:8008/setup.sh | sh

Replace 192.168.64.1 with whatever the IP address was from before.

This should kick off the entire installation process with the defaults. It will assume the disk you will install to is /dev/vda ALL data will be erased on that without confirmation. The script will also set the disk encryption and root password to password.

If you want to change the disk and the password to your own values, run the script like this:

curl -fsSL http://192.168.64.1:8008/setup.sh | DISK="/dev/sda" CRYPT_PASSWORD="s3kr3tp455" sh

The script sets both disk encryption password and root password to the same, it should be fairly trivial to change this if you look at the script.

Once the installation completes, you can type poweroff to switch the machine off. Then clear the ISO image from the CDROM drive attached. Lastly, you can boot into your newly created Void Linux VM. You will be prompted to enter the decryption password as shown in the image below.

Decryption password

Now you can go ahead and add another user, install XFCE, etc. It’s not my place to tell you how to party.

If you run into any issues with this, feel free to go and open an issue on https://github.com/sheran/voidvm-arm-efi-installer

linux encryption lvm uefi void