Install BTRFS, LUKS (/home Only)

Well, as usual, I am trying to play with EndeavourOS on an extra laptop.

I made 3 partitions as per the photo below.

What I want to do is to have only my /home encrypted and protected with LUKS, with a password different from the login password, so that I can send my laptop for maintenance: they will have the login password, but I won’t give them the password for my protected /home.

This photo does not show all the details I need to put in while doing the installation. I would appreciate it if someone could give me details about what to put where exactly.

The second option “Replace partition” “Next” button does nothing.
The third option gives me the three partitions and next button takes me to next screen (photo below)

I am having a little issue as I am not sure which check boxes should be checked for each partition (the small window: boot, bios-grub…etc.)

As well, I tried to figure it out and maybe I made mistakes, as after finishing this stage and starting to enter the user name and login password I get an error as in the photo.

I don’t know what exactly I am doing wrong or why this error.

To summarize what I need to have:

  • Separate BTRFS /home partition with a different LUKS password (service center has login password but not LUKS password for my home)
  • BTRFS system partition without LUKS

Any guidance and detailed info on what to put where exactly will be highly appreciated.

I think if you answer yes to get the install log that would give more info about what was wrong.

Why are you not just using manual partitioning instead of replace partition?

1 Like

I don’t know your use case but 100 GB for the system partition seems to be excessive. Even with half of that you could install a whole lot of applications.

What’s your own experience of the systems you have had, about the size of the system partition specifically?

Hi @ricklinux
This replace partition didn’t even work (the “Next” button did not even do anything).

The only option was the third one, which is manual partitioning.

And this gave an error later on. Of course I don’t want to install alongside, as I usually have only one OS.

I think it is all about the settings and check boxes.

UPDATE:
I consulted and did what phind.com suggested as follows:

    File System: BTRFS
    Mount Point: /
    Encryption: None
    Flags: Check "Boot" box
    Compression: Already enabled by default (no action needed)

    File System: BTRFS
    Mount Point: /home
    Encryption: Select LUKS encryption
    Set your secret password here
    Flags: Leave empty
    Compression: Already enabled by default (no action needed)

    File System: FAT32
    Mount Point: /boot/efi
    Encryption: None
    Flags: Check "Boot" box
    Compression: Not needed (small partition anyway)

But I did not see anything asking me about LUKS password to encrypt any partition. I guess I will do it manually.

I will update you guys how it goes.

Imho easiest way:

  • Create both partitions
  • Do a normal installation on the unencrypted partition
  • Set up home on the LUKS partition as desired and then mount it to /home/youruser. That can be done at any point after the installation.

1 Like

Well, I can only say I installed in a VM using manual partitioning and had no issue. For LUKS you only need to check the box to encrypt and then enter the passwords you are setting. Also, you don’t set the flag for boot on the btrfs partition. This is only done for the /efi partition.

2 Likes

Sure, it seems I was messing up the check boxes and mount points.
It went fine when I did what phind.com suggested.
But I don’t know why I did not get this option for entering the LUKS password to encrypt /home. I will try and do it manually.

Don’t do what phind.com tells you. Otherwise why bother asking on this forum? It is the devs and users of EOS that know EOS better and how the installer works or is supposed to. There are going to be times that certain issues will happen under certain circumstances and certain hardware. It can be a user issue or a hardware issue or a firmware issue or a software issue related to partitions or the drive etc. One never knows sometimes why these things happen or when they are going to happen. One can only try to figure out why once it does.

install.log from the failed installation could have helped. OP never posted it :man_shrugging:

This may be true. I myself don’t always understand, looking at the log, what the issue is if it only tells me that it failed. It depends on what the log shows, where it failed and what the process was. :thinking:

Easy on me @ricklinux
I see all, and mean ALL, as just another way of searching, it reads and organizes the data sort of smartly no more. It is like me searching, reading, and concluding then writing what I concluded. But it is the AI that does it.

By no means is it an alternative or more experienced than the experts here, I am sure. Why would I be posting here in the first place?

I asked it to get me the proper configuration and what I should put where. It just got me something I did manually a few days ago, searching and reading and doing what I was reading.

I had a screenshot of what I did a few days ago, but the photo I have does not have all the info I needed. That’s all.

For you to just understand what I am doing, I am just trying to learn and do new things with EndeavourOS on an extra laptop I have just to learn and keep learning.

I already have my main laptop with EndeavourOS installed (BTRFS, Snapper, BTRFS Assistant, Grub) and it is working fine.

I am just trying to find a way to use LUKS on my home folder in a way that when I send my laptop for service or to add RAM or whatever they will login but my home folder has another password so that they can’t even see my /home.

I successfully did the configuration I got from the search on phind.

Still trying to do my /home as I explained

Not trying to be hard on you. Normally, when using erase disc with swap file and setting btrfs, Calamares sets up all the btrfs subvolume stuff. I’m not an expert on any of this, so when you create a partition /home with btrfs using the manual method I’m not sure if it is separate from the subvolumes in @ /. This is something better explained by @dalto or @joekamprad because, to be honest, I just know how to use it and get by. Explaining the intricacies is above my pay grade! :rofl:

1 Like

From my understanding of btrfs, you create a partition, on that partition you create btrfs file-system and on that btrfs file-system you can create sub-volumes. To encrypt only /home you would most likely need to create a separate btrfs file-system for /home and then create a home sub-volume for that. Only way I can see to do that with btrfs would be to setup separate encrypted partition for that file-system, de-crypt it, mount it and then create a separate home sub-volume on that. That way you can have a separate btrfs file-system for root(/) that is not encrypted. Because a btrfs file-system is created on a partition and from what I’ve seen of sub-volumes I don’t think it’s possible to encrypt separate sub-volumes but only the partition.

I agree the people you mentioned can probably explain it better, but just from my use of btrfs and having set it up several times this is what sounds the most logical of the way I have set it up how it’s explained in the btrfs Archwiki page.

Believe it or not, META seems to be one of the places where work is being done on this feature.

1 Like

I highly appreciate your response and all your responses. All I can say is you are more experienced than me.
FYI, I could finally do it, and I believe I have 3 different and separate partitions with /home only encrypted with LUKS.
This is part of my inxi:

Partition:
  ID-1: / size: 80 GiB used: 14.34 GiB (17.9%) fs: btrfs dev: /dev/sda1
  ID-2: /home size: 150.88 GiB used: 3.76 GiB (2.5%) fs: btrfs
    dev: /dev/dm-0 mapped: luks-62e80da6-939e-4d42-bacd-780479f3f608
  ID-3: /var/log size: 80 GiB used: 14.34 GiB (17.9%) fs: btrfs
    dev: /dev/sda1
Swap:
  ID-1: swap-1 type: zram size: 14 GiB used: 361.5 MiB (2.5%) priority: -2
    dev: /dev/zram0

The issue I had was not putting the correct mount points and correct check boxes which I got from the AI search engine.

I repeat again, for me all the AI is just a search engine, not an expert for sure. It is just a bit smarter search engine that, in simple English, searches the web or the documents it has been trained on (as I would do manually with a Google search), reads and extracts relevant info, then presents me with the conclusion.

But for sure it will never be a replacement for the real human experts here.
It is simply just a smarter search engine. I simply searched for the settings and what I should put where (check boxes and mount points), so it gave me just a search result.

No way it will replace the community and the experts here.

To be honest, I am still struggling to perfectly understand sub volumes, partitions,

This raises another question, I hope the experts here answer this, is it possible?

I hope some expert would explain as if I am a 5-year-old kid!

Reading the btrfs page from the Archwiki is a good start, that’s what I used during the several times I set it up manually. It will give you a good idea of how it works if you go through some of the basics there.

1 Like

To be honest, I don’t understand subvolumes on a level I’m comfortable with either. I let the installer set it up because I know what it’s doing using erase disc with swap. I’m just not sure how it works when creating a /home using manual partitioning. :person_shrugging:

I just visualize a Btrfs partition and subvolumes like a big box, for example /dev/sda1 formatted as Btrfs with some other small boxes inside. These would be the subvolumes.

The advantage of this is that these subvolumes don’t need to have a specified size when creating them, like the traditional partitions do. They can grow in size until there is no space left (on /dev/sda1) or they can shrink in size if things are deleted inside them. Then this space can be used by all the other boxes/subvolumes.

I am by no means a superuser of Btrfs and I make a very basic use of them.

Since OP wants to have their home data encrypted, they need to create the @home on an encrypted partition because there is no possibility yet to create individual encrypted subvolumes.

So their setup, with manual partitioning, should look something like:

/dev/sda1 for EFI
/dev/sda2 for @ and other system subvolumes like @cache etc.
/dev/sda3 encrypted for @home

These will each get their mountpoint and entries in /etc/fstab as usual.

That’s at least how I have understood OP’s setup.
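
A static check of the layout described above, as an added example that is not part of the original post: it reads an fstab and a crypttab and confirms that /home sits on a dm-crypt mapping whose key field is a boot-time passphrase prompt rather than a key file. It assumes /home is listed in fstab by its /dev/mapper/ name; the sample files and the key file path /etc/home.key are constructed, and the mapping name is the one from the inxi output earlier in the thread.

```shell
#!/bin/sh
# Static check for the "plain /, LUKS /home" layout: /home must sit on a
# dm-crypt mapping whose crypttab key field is a boot-time prompt.

# Device field of the first non-comment fstab line mounted at $1.
fstab_spec() {
    awk -v mp="$1" '!/^[[:space:]]*#/ && $2 == mp { print $1; exit }' "$2"
}

# Key field (3rd column) of crypttab entry $1; an empty field means "none".
crypttab_key() {
    awk -v n="$1" '!/^[[:space:]]*#/ && $1 == n {
        print ($3 == "" ? "none" : $3); exit }' "$2"
}

# usage: check_home_luks FSTAB CRYPTTAB -> prints a verdict, non-zero on failure
check_home_luks() {
    spec=$(fstab_spec /home "$1")
    case "$spec" in
        "")            echo "no-home-entry"; return 1 ;;
        /dev/mapper/*) name=${spec#/dev/mapper/} ;;
        *)             echo "home-not-on-mapper"; return 1 ;;
    esac
    key=$(crypttab_key "$name" "$2")
    case "$key" in
        "")     echo "no-crypttab-entry"; return 1 ;;
        none|-) echo "ok-passphrase-prompt" ;;
        # With / unencrypted, a key file stored there unlocks /home for
        # anyone who can boot or log in to the system partition.
        *)      echo "keyfile-configured:$key"; return 1 ;;
    esac
}

# Constructed sample files; the mapping name is the one in the inxi output.
demo() {
    d=$(mktemp -d) m=luks-62e80da6-939e-4d42-bacd-780479f3f608
    printf '%s\n' "/dev/sda1 / btrfs subvol=/@,noatime 0 0" \
        "/dev/mapper/$m /home btrfs subvol=/@home,noatime 0 0" > "$d/fstab"
    echo "$m UUID=${m#luks-} none luks" > "$d/crypttab"
    check_home_luks "$d/fstab" "$d/crypttab"
    echo "$m UUID=${m#luks-} /etc/home.key luks" > "$d/crypttab"
    check_home_luks "$d/fstab" "$d/crypttab"
    rm -rf "$d"
}
demo
```

On an installed system the same function can be pointed at the real files: `check_home_luks /etc/fstab /etc/crypttab`.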

Not an expert but interested in the subject. As of now, there is no ready at hand feature to encrypt individual subvolumes. Work is being done but it is still quite experimental as I have understood it.

You can watch the video I posted before. It is a bit technical and above my head but you will get the general idea.

You can read this part of The Wiki as well:

https://wiki.archlinux.org/title/Btrfs#Encryption

1 Like