Hi there,
I’d like to prepare myself to fully migrate from Manjaro into EnOS. I’m going to install all from scratch, so no need to worry about destroying something.
What I want to achieve is to have:
- encrypted W11 installation - C:\\
- encrypted /home partition
- encrypted, shared storage ntfs partition - D:\\ = /mnt/MAG
- booting orchestrated by systemd-boot
I don’t want to encrypt everything because if something goes wrong, I want to have one OS bootable but at the same time, I need to encrypt data as it’s a laptop.
My current setup is like below (the last partition is normally encrypted, but now I’m testing EnOS, so I decrypted it while making space for EnOS).
W11 is BitLocker, Linux has a dedicated / partition, not encrypted, and a dedicated /home partition, encrypted. GRUB orchestrates booting and decrypting /home.
I don’t have any former experience with systemd-boot, so I have a couple of questions:
- Given what I want to achieve, may I simply install both OSes and then encrypt all, step-by-step, similar to GRUB (except for /home, which I encrypt using Calamares while installing EnOS)?
- Will systemd-boot manage the passwd prompt for /home encrypted that way?
- AFAIK kernels require to be signed with keys - I found that article https://wiki.archlinux.org/title/systemd-boot but it says that signing is required only if secure boot is enabled in UEFI. Is that right? Assuming that I don’t have secure boot, does that mean I can omit that signing process?
- What is the best way to manage timeshift snaps with systemd-boot?
- Is there a better way to have that common storage partition without using the /etc/crypttab and file-based decryption?
Sorry for that epic post - any guidance appreciated. Cheers.