I’m quite a newbie with arch Linux and EndeavourOS, but not new to Linux. So, I installed EndeavourOS about a week ago, and I turned on encryption during the installation. I used the normal online installer to pick KDE as the DE.
It surely works fine, but I have a problem with how the encryption is configured, currently, there are three partitions: an unencrypted efi partition with systemd-boot, an encrypted root partition (LUKS, password-protected) and a separate swap partition, also encrypted with LUKS, but they share the password.
Every time I boot into the system, I get prompted for a disk password twice (once for each partition).
On my last setup, I used LVM to put the root and swapfile into one LVM setup, so I only had to put the password in once.
How can I do that with my current setup? Is there a way to decrypt the swapfile automatically after decrypting the root partiton? Why is it not using lvm?
Thanks in advance,
Moon
// I don’t think they help in this case, because it’s about the installer //
Hardware information: https://0x0.st/oRLM.bin
Even though they share the same password they are still separately encrypted and have to be decrypted separately.
That is a good solution to the problem.
I have not tested it, but I think the installer supports lvm via manual partitioning.
If you use grub instead of systemd-boot it will encrypt the additional datasets with a keyfile and then use a keyfile to unlock them. We have not yet tested this approach with systemd-boot yet.(The option to use systemd-boot was only recently added)
I choose it as the recommended option in the installer. The old system I was talking about used grub2. I’m sure that you could repeat my experience if you would download the latest installer and choose systemd-boot + LUKS encryption.
The issue is that the initrd doesn’t have access to the keyfile. If you add the keyfile to the keyfile to the initrd, it will work exactly like you want. However, since the initrd lives in an unencrypted space, that would basically defeat the encryption. I am not sure if there is a way around that. It would need more testing and experimentation.
I can think of two ways to deal with your situation, use lvm or switch to grub.
I really like systemd-boot, so I will probably keep to that. I think I understand the situation now, and I think there is no good way with dealing with it, but I really don’t want to reinstall because I set everything up so neatly. I guess there goes an evening of backing up my config files, installed packages list, etc. Thanks for the help anyway.