Ok, I'm getting ready to make an encrypted BTRFS system. Am I doing this the right way?

Greetings fellow humans, human Fellas.

This is the first time I am trying LUKS encryption and a BTRFS install system.

I wanted to double check with the Linux gurus to see if what I am doing is what I should be doing.

So, I’ll be doing this entirely via Calamares (terminal scawy).

P.S. this is UEFI btw
First partition.
512MB FAT 32 as an EFI boot partition

Second partition
40GB BTRFS as the root partition

Third partition
Whatever is left on my hard drive EXT4 as my home partition.

No swap partition.

Select encrypt drive for the third partition and NOT the second partition.

Let Calamares do its thing and boom. New system ready to roll.

Would this be the right way to install EOS? Am I right to only encrypt the home partition and leave Root alone?

This seemed to work on Pop!_OS but again, I’m trying this out for the first time so I have an irrational fear of messing this up.

P.S. On Pop!_OS, when I installed with the default auto installer with the Encryption option, I get this whenever I boot.

If I enter my encryption password I get this screen, then shortly after, I boot.

Is it possible to get a simple GUI like this in EOS? Last time I did Encryption was on Manjaro, and the decryption interface was not pretty.

Thanks to anyone who comes to help.

Yes. I’ve already checked that out.

I really don’t want to use the terminal for installation though.

After reading, I think this is the GUI equivalent way, but I’m just double checking with the community.

I am using Btrfs and LUKS with timeshift-autosnap. No trouble here.
But the last time I checked, @2000 told me using different partitions for root and home was not supported. I think that was for formatting both root and home with Btrfs. But I don’t think you should use two partitions for home and root. What I did on my recent install after choosing manual partition was

  1. Create 512 MiB fat32 partition, set mount point as /boot/efi. Set flag boot
  2. Created 300 GiB btrfs partition, tick encryption, typed in my password. Set mount point /. Flag as root (dunno if that’s necessary)
  3. Typed in username and other stuff, hit Install Now
  4. Rebooted, updated, installed timeshift & timeshift-autosnap from AUR, installed grub-btrfs and cronie, enabled cronie.service, opened timeshift and selected BTRFS mode and selected root partition for snapshots, changed number of snapshots to keep in /etc/timeshift-autosnap.conf. Done!

@2000 did confirm this is right. If you have doubts about using ext4 for home partition, ask him.

I did notice when copying large files within the filesystem it happens instantaneously, like hard linking a file. Is that because of copy-on-write??
Doing it via terminal takes time, like on ext4.

@2000 I need your wisdom. Would such an install result in a working system?

The main advantages of using one btrfs partition containing subvolumes like root, /home, /swap and others are, amongst others, …

  • the full disk encryption scheme in which everything (/boot, root and /home) is encrypted
  • near instantaneous creation and restoring of btrfs-snapshots for root and/or home. I use this for fearless experimenting with things that affect both root and home.
  • sharing drive space between the subvolumes; no problem with wasted or too small space compared to multiple ext4 partitions for example

But of course it’s absolutely possible to set up a separate home with ext4 and only encrypt this, if you so prefer.

I assume you’re referring to your first post and understand the question as “Would this work with the Calamares installer?” and am sorry to say I don’t know :laughing:.
I’ve stuck to the full disk encryption scheme for years (lvm with ext4 and now btrfs) and personally see no sense in not also encrypting root on a single user system. I therefore have never tested calamares’s abilities in setting up a system like you propose. On the other hand, it’s a pretty straightforward setup, so I don’t see calamares having too many problems getting it done.
You’ll just have to try it out yourself :wink:. Ideally in a VM.


What I can tell you is that the decryption interface will be a standard text-input just like in your tryouts with Manjaro (so not “pretty”, no).

Additionally, if you only set up root on your btrfs partition, calamares may not create the root subvolume with the correct name (= @). This could be a problem if you want to use Timeshift’s btrfs-snapshot capabilities later on.


Please report back … I’m always interested in learning about calamares’s capabilities.

Be very careful: think about any trouble with access if it fails at GRUB.

  • you need a version of GRUB specific to Btrfs
  • you have to be very careful between luks and luks2 (coming)
  • what kind of command will you need to access encrypted partitions, for chroot / repair?
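
An added example, not from any poster in this thread: a dry-run shell helper for the repair question above. It prints the unlock, mount and chroot commands a live USB session would need for either layout discussed here (encrypted btrfs root, or plain btrfs root with an encrypted ext4 home) and reads the root subvolume name from an fstab. Device paths and the mapper names `cryptroot`/`crypthome` are constructed placeholders, and nothing is executed.

```shell
#!/bin/sh
# Dry-run only: every command is printed, none is run.
# Device paths and mapper names are constructed placeholders.

# Print the subvol= value of the "/" entry of an fstab read from stdin.
# Prints nothing when "/" has no subvol= option (top-level volume is root).
root_subvol() {
    awk '$1 !~ /^#/ && $2 == "/" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^subvol=/) {
                sub(/^subvol=\/?/, "", opts[i])   # accept subvol=@ and subvol=/@
                print opts[i]
            }
    }'
}

# The thread notes Timeshift's btrfs mode wants the root subvolume named "@".
timeshift_btrfs_ok() { [ "$1" = "@" ]; }

# rescue_plan ROOT_DEV ROOT_IS_LUKS(yes|no) SUBVOL EFI_DEV [LUKS_HOME_DEV]
rescue_plan() {
    root_dev=$1; root_luks=$2; subvol=$3; efi_dev=$4; home_dev=${5:-}
    if [ "$root_luks" = yes ]; then
        echo "cryptsetup open $root_dev cryptroot"    # asks for the passphrase
        root_dev=/dev/mapper/cryptroot
    fi
    if [ -n "$subvol" ]; then
        echo "mount -o subvol=$subvol $root_dev /mnt"
    else
        echo "mount $root_dev /mnt"
    fi
    echo "mount $efi_dev /mnt/boot/efi"
    if [ -n "$home_dev" ]; then                       # separate encrypted home
        echo "cryptsetup open $home_dev crypthome"
        echo "mount /dev/mapper/crypthome /mnt/home"
    fi
    echo "arch-chroot /mnt"
}

# Layout from the numbered steps above: one encrypted btrfs partition, EFI at /boot/efi.
rescue_plan /dev/sdX2 yes @ /dev/sdX1
```

Keeping the printed sequence somewhere outside the encrypted disk means a GRUB failure can be repaired from a live session without guessing at device or subvolume names.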