Download Arch Linux from one of the official sources.
Always Verify Checksums
It is important to download Arch Linux from a trusted source. Always check the download against signatures and checksums published on the official Arch Linux website. Do not trust signatures published by download mirrors or 3rd party websites, as they could be tampered with.
To verify the PGP signature with GnuPG, first download the release signing key from WKD
gpg --auto-key-locate clear,wkd -v --locate-external-key pierre@archlinux.orgThen verify the signature
gpg --keyserver-options auto-key-retrieve --verify archlinux-<version>-x86_64.iso.sig archlinux-<version>-x86_64.isoOn a system already running Arch Linux, pacman can be used to verify the Installation Medium.
pacman-key -v archlinux-<version>-x86_64.iso.sigCreate a bootable medium from the downloaded and verified Arch Linux ISO. For example, a bootable USB flash drive.
Execute the following command to copy the downloaded ISO to the USB flash drive.
Caution
The following command will permanently delete the data of the destination device. Make sure to specify the correct destination device and to back up important data prior to executing this.
dd bs=4M if=<path to archlinux iso> of=/dev/disk/by-id/usb-<your flash drive> conv=fsync oflag=direct status=progress
syncTip
After using the USB flash drive for the arch linux ISO, the following command must be executed to delete the ISO 9660 filesystem signature and use the drive again as a normal USB flash drive.
wipefs --all /dev/disk/by-id/usb-<your flash drive>For more details see the Arch Wiki.
For other methods, see Burning an Optical Disk or PXE Network Boot.