You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2022-06-07 17:29:00
- Daedalus24
- Member
- From: Bucharest, Romania
- Registered: 2015-03-27
- Posts: 51
- Website
Btrfs subvolumes+encryption+refind
I have decided to use encryption on a new office laptop (Asus Vivobook 7600Q-2007X 16", AMD Ryzen 7, GeForce RTX), with Win11 preinstalled. It took almost 20 hours of wait until I was able to access the OS partion under Windows (EaseUS Partition Manager returned "BitLocker encryption in progress, please wait"). I decrypted the OS partition and started to format the SSD. The /boot partition was doubled in space, then I manually partitioned the SSD as follows
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 953.9G 0 disk
├─nvme0n1p1 259:1 0 446.1M 0 part /boot
├─nvme0n1p2 259:2 0 144.5G 0 part
├─nvme0n1p3 259:3 0 130.9G 0 part
├─nvme0n1p4 259:4 0 22G 0 part [SWAP]
├─nvme0n1p5 259:5 0 1G 0 part
├─nvme0n1p6 259:6 0 200M 0 part
└─nvme0n1p7 259:7 0 654.8G 0 part
└─luks 254:0 0 654.8G 0 crypt /var/log
/var/cache
/home
/.snapshots
/I created a swap partition (labeled as /dev/nvme0n1p4), as it was my intention to enjoy the advantages of zswap (the wiki says it is preferable to zram and that it works only in conjunction with a dedicated swap partition). Moreover, sometimes I turn the laptop into suspend mode instead of shutting it down when I go to bed. I consider the security risk of having a non-encrypted swap partition (with zswap) as more than acceptable. I'm sure a better way exist, can you please give me a few hints?
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
nvme0n1
├─nvme0n1p1
│ vfat FAT32 SYSTEM
│ 66FE-32E1 295M 34% /boot
├─nvme0n1p2
│ ntfs OS A633000332FFD671
├─nvme0n1p3
│ ntfs 01D86C69A62750F0
├─nvme0n1p4
│ swap 1 48027649-e023-44f6-bd7d-75b20035f72e [SWAP]
├─nvme0n1p5
│ ntfs RECOVERY
│ 245447255446F956
├─nvme0n1p6
│ vfat FAT32 MYASUS
│ 5A0D-A168
└─nvme0n1p7
crypto 2 911fcc24-b622-4f36-8f79-057acdc40393
└─luks
btrfs ROOT b1ae555f-7861-4abc-b079-dec2af172849 386.2G 41%
/var/log
/var/cache
/home
/.snapshots
/As I am a big fan of refind, I had to reboot the system a few times into emergency mode (using the installation USB disk) until I managed to identify an operational configuration. Thus, my refind_linux.conf file looks like (where /dev/mapper/luks is the encrypted partition)
"Boot using default options" "cryptdevice=UUID=911fcc24-b622-4f36-8f79-057acdc40393:luks root=/dev/mapper/luks luks=UUID=b1ae555f-7861-4abc-b079-dec2af172849 rw rootflags=subvol=@ initrd=amd-ucode.img initrd=initramfs-%v.img add_efi_memmap"
"Boot with fallback initramfs" "cryptdevice=UUID=911fcc24-b622-4f36-8f79-057acdc40393:luks root=/dev/mapper/luks luks=UUID=b1ae555f-7861-4abc-b079-dec2af172849 rw rootflags=subvol=@ initrd=amd-ucode.img initrd=initramfs-%v-fallback.img add_efi_memmap"
"Boot to rescue mode" "cryptdevice=UUID=911fcc24-b622-4f36-8f79-057acdc40393:luks root=/dev/mapper/luks luks=UUID=b1ae555f-7861-4abc-b079-dec2af172849 rw rootflags=subvol=@ rescue initrd=initramfs-%v-fallback.img"
"Boot to single-user mode" "cryptdevice=UUID=911fcc24-b622-4f36-8f79-057acdc40393:luks root=/dev/mapper/luks luks=UUID=b1ae555f-7861-4abc-b079-dec2af172849 rw rootflags=subvol=@ initrd=amd-ucode.img initrd=initramfs-%v.img archisobasedir=arch archisolabel=ARCH_202206 single"
"Boot to emergency mode" "cryptdevice=UUID=911fcc24-b622-4f36-8f79-057acdc40393:luks root=/dev/mapper/luks luks=UUID=b1ae555f-7861-4abc-b079-dec2af172849 rw rootflags=subvol=@ emergency initrd=initramfs-%v-fallback.img"
Was there any simpler way to do it?
I have looked on
https://bbs.archlinux.org/viewtopic.php?id=264218
in order to make refind load the Arch Linux icon instead of the Linux penguin. I added
icons_dir icons
at line 80 in /boot/EFI/BOOT/refind.conf, but it did not help.
Thank you,
Bogdan
Last edited by Daedalus24 (2022-06-07 17:31:23)
Offline
#2 2022-06-14 02:16:58
- XeroDotCom
- Banned
- From: Thorn ᚹ
- Registered: 2022-06-13
- Posts: 4
Re: Btrfs subvolumes+encryption+refind
There's an error with the initramfs if it's a constant issue, should you reinstall download Dracut to generate the Fstab & init, usually with an era such as this it's because either the wrong fs label or UUID was added to the Fstab it or there is also the slight chance that for some reason it actually changed. Also for the sake of curiosity what Luks is it 1 or 2? Dracut is the best at Auto detecting all partitions encryption sub volumes etc with minimal to no user involvement.
Last edited by XeroDotCom (2022-06-14 02:22:23)
ᛩ King Mặsặdặ ᚹ
XeroNet
What's past is prologue"
Offline
#3 2022-06-16 17:23:00
- Daedalus24
- Member
- From: Bucharest, Romania
- Registered: 2015-03-27
- Posts: 51
- Website
Re: Btrfs subvolumes+encryption+refind
Hi @XeroDotCom,
Thank you for the advice 
, until now it seems there is no need to reinstall. It is working all right, booting is super fast 
. I had some issues with suspend, as the computer was powering on randomly by itself. So I ran again
# mkinitcpio -p linux-zenand added the following
resume=UUID=UUID-of-swap-partitionto the refind_linux.conf file. And resume works now!
It is LUKS version 2. I'll post if anything notable happens meanwhile.
Cheers
Last edited by Daedalus24 (2022-06-16 17:32:32)
Offline
Pages: 1