Adding another partition to a LUKS encrypted system

Hi all,

I received an SSD from a friend that I’m trying to split between my Windows and Manjaro installations. My Manjaro installation is encrypted and in my search for guides on how to add the new SSD partition I’ve come across horror stories of LUKS not being amenable to the addition of partitions in various ways; generally leading to data loss.

So I have a couple questions:

  1. Is adding an ext4 partition to my system so that I only need one password on boot to decrypt all partitions possible?

  2. If so, how do I go about it?

  3. If not, is adding the partition to my system as an unencrypted partition safe (i.e. I don’t have much more of a data loss risk than I would with normal partition editing) and would it compromise the rest of my system’s security?

Yes.

Make a backup. You should already have one, but just in case. Read the Arch wiki entries, make a plan, read the Arch wiki articles again.
Create an empty partition. Create a LUKS container on this partition. Unlock it and create a filesystem in this LUKS container. Add a keyfile to this LUKS container header. Save the keyfile in your encrypted root partition (very important). Create a crypttab entry and an fstab entry so it is mounted on boot.

Some links
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_non-root_file_system#Partition
Of course the home is just an example. Do not replace your Home!

https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Key_management

https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Mounting_at_boot_time
https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Unlocking_with_a_keyfile
https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#crypttab

https://wiki.archlinux.org/index.php/Dm-crypt

If you save a file containing your LUKS password on an unencrypted file-system, I would call this a security problem. But if you just save unimportant files, it is not a problem. But everybody that has physical access to your devices can read the files on this unencrypted file-system.

1 Like
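
The steps from the answer above collected into one script, added here as an example and not part of the original posts. The device `/dev/sdXn`, the mapper name `data`, the mount point `/mnt/data` and the keyfile path under `/etc/cryptsetup-keys.d/` are assumed placeholders; by default the script only prints what it would do.

```sh
#!/bin/sh
# Added example: dry-run walk-through of the steps listed in the answer.
# DEV, NAME, MNT and KEY are placeholders, not values from the thread.
DEV="${DEV:-/dev/sdXn}"      # the new, EMPTY partition (luksFormat wipes it)
NAME="${NAME:-data}"         # mapper name, gives /dev/mapper/data
MNT="${MNT:-/mnt/data}"      # mount point
KEY="${KEY:-/etc/cryptsetup-keys.d/$NAME.key}"  # must live on the encrypted root

# Print each command; execute it only when APPLY=1 (as root).
run() { echo "+ $*"; [ "${APPLY:-0}" = 1 ] || return 0; "$@"; }

# Create a 4096-byte random keyfile that only its owner can read.
make_keyfile() {  # $1 = path
    ( umask 077 && mkdir -p "$(dirname "$1")" &&
      dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null ) && chmod 400 "$1"
}

# Succeed only if the keyfile has no group/other permission bits set.
keyfile_private() {  # $1 = path
    case "$(ls -ld "$1" | cut -c5-10)" in ------) return 0 ;; *) return 1 ;; esac
}

crypttab_line() { printf '%s\tUUID=%s\t%s\tluks\n' "$1" "$2" "$3"; }  # name uuid key
fstab_line() { printf '/dev/mapper/%s\t%s\text4\tdefaults\t0\t2\n' "$1" "$2"; }

setup_volume() {
    run cryptsetup luksFormat "$DEV"          # asks for a passphrase (keep it as fallback)
    run cryptsetup open "$DEV" "$NAME"
    run mkfs.ext4 "/dev/mapper/$NAME"
    run make_keyfile "$KEY"
    run cryptsetup luksAddKey "$DEV" "$KEY"   # keyfile becomes an additional key
    run cryptsetup open --test-passphrase --key-file "$KEY" "$DEV"  # verify it unlocks
    if [ "${APPLY:-0}" = 1 ]; then
        keyfile_private "$KEY" || { echo "keyfile too permissive" >&2; return 1; }
        uuid=$(blkid -s UUID -o value "$DEV")
        mkdir -p "$MNT"
        crypttab_line "$NAME" "$uuid" "$KEY" >> /etc/crypttab
        fstab_line "$NAME" "$MNT" >> /etc/fstab
    else
        echo "crypttab: $(crypttab_line "$NAME" '<UUID>' "$KEY")"
        echo "fstab:    $(fstab_line "$NAME" "$MNT")"
    fi
}

# Running the script with the argument "plan" prints the plan (dry run).
if [ "${1:-}" = plan ]; then setup_volume; fi
```

Because the keyfile alone unlocks the new volume, it has to stay on the encrypted root with owner-only permissions; the passphrase set during `luksFormat` remains a second way in if the keyfile is lost.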