New installation, encryption with or without /boot, LVM

[Sidpiet]

Dear Forum,

I try to install Siduction first time on Laptop/EFI.
Unfortunately the standard installer crashed, if I like to write the partitions to the laptop.
It seems, that there are known problems with LVM.

My question is, what is the best way (or the most easy way  )to get an encrypted installation for Siduction (Desktop XFCE)?

Thank you!

kind regards

Sidpiet

[scholle1]

Please excuse the long time it took to reply.

We talked about this in our chat #siduction (OTFC). It concerned full disk encryption (fde) / encrypted root partition in conjunction with grub and the installer calamares. An error was discovered in our manual.

My question is, what is the best way (or the most easy way  )to get an encrypted installation for Siduction (Desktop XFCE)?

Our main developer towo responded to the averaging "Libreboot could do luks1 with full os encryption [...]"

Grub could even do that, but no one wants fde with luks1. Grub even could do luks2, but not with argon2id which is standard for luks2 and since calamares has only one setting, luks1 or luks2, disabling fde for automated partitioning is the only way, we can go.

Recommended:
Installation in a root partition encrypted with LUKS2. The encrypted system requires at least three partitions.

/dev/xxxx1 unencrypted and mounted at /boot/efi,
/dev/xxxx2 unencrypted and mounted at /boot,
/dev/xxxx3 an empty, unused area on the disk for the encrypted system (later mounted at /).

Please refer to the chapter <Installation><Installation on HDD><Encrypt system> in the updated manual at https://manual.siduction.org/index_en.html

[Sidpiet]

Dear All,


thank you for your posts.
I'll try to encrypt only / with cryptsetup on a 56GB testing laptop.

I guess that I have to give  a passphrase once if / will be decrypt.

KR

Sidpiet