i need two identical manjaro installations on the same system, both luks encrypted and with btrfs filesystem.
I installed manjaro two times on two different btrfs partitions, sharing one Efi-partition. Everything worked quite well, but as soon as i try to reinstall them both luks encrypted, the first installation becomes unbootable.
thanks a lot! so simply create two separate efi partitions will do the job?
As i’m thinking of it i got more and more confused. Because i manually create all the partitions during the install process. And i encrypted both the root partitions, but not the efi-partition. So efi partition is definitely not encrypted.
And i can boot the system, but only the last installed one. It doesn’t detect the first one. So how to fix this?
That’s right, an efi partition is never encrypted per se.
But the path with using grub is right. You can install one encrypted system and then another, skipping the grub installation. Next, you can add boot entries for your second system.
I don’t know how much of the second install can be done with calamares.
all right thank you guys. but i can create manually all types of partitions with all types of filesystems within calamares. I just don’t know how to partition my drive exactly. So what would be different if i don’t use calamares? I still would have to partition the drive, without knowing what types of partitions i need for encrypted dualboot.
For now i have 3 partitions. The first one is a shared 512MB Efi partition. The second and third one are encrypted btrfs root partitions for installation A and B.
What kind of partition scheme would you recommend?
Your system has one efi partition, and the dual-boot shares a separate /boot partition. It may also share a swap partition, up to you. Next the btrfs partitions you choose to create. To have the systems separate, you need at least two. But you may think of another partition to share data (e.g. your music to be accessible from both).
For sure you can also install your one encrypted Manjaro as usual, then start an installation procedure from within the running system. I’ve used methods from the following Arch article before, I know it’s technical (if you use method in section 3.2.2 you may also be able to use Arch’s text-guided installer, perhaps). Have a look if it helps you:
Maybe my featured article in my profile can help, which explains some needed info regarding the whole boot process, it is meant for usage with encryption
The OP might use that info when preparing his/her setup. (It’s up to him/her to leave out the password file to force a prompt.)
When it comes to mounting / from a volume, that’s also something the OP might choose to change into something different.
fe. I mount /@Kubuntu as / on this system.
When it comes to $ESP:
You need one per drive if you have an external drive that you want to use on different computers.
You can use a single one, if your other drive is internal and stays in your computer.
You must use the same $ESP if you want to boot from different partitions on the same drive, because the UEFI-Bios will only recognize the first $ESP per drive…
You could start with installing your system on one drive without encryption:
Then create an encrypted container on the other drive’s partition (or whole disk).
Then create a filesystem inside that container.
Use rsync -vaAX to copy your system from the un-encrypted partition to the encrypted filesystem in(2).
Does this command also duplicate special files like block-device nodes? If not use extra flags to enable that also…
Make neccesary changes as in the tutorial i made (link above).
Check by booting the installation on the other drive using the encrypted container. Repeat step 4 until you are able to successfully boot this encrypted version.
When you are confident, you could repeat the steps to duplicate your system from the encrypted version into the first unencrypted drive’s version, so you end-up with two (almost) identical encrypted versions.
I explicitly say (almost) because the UUID’s + encryption keys for the containers will differ unless you take extra steps to duplicate those also…
I am interested in doing something like this: two manjaro installs, one for work, one for play. A sort of poor man’s Qubes. My laptop probably isn’t up to running an encrypted system or btrfs, so I was thinking of encrypting the /home directories only in ext4. Thus there would be:
a /boot/efi fat32 partition
a work ext4 root install
a play ext4 root install
a luks-encrypted work ext4 /home
a luks-encrypted play ext4 /home
Would this sort of thing be possible to set up in calamares? Or is encryption not the real problem as far as calamares is concerned, but the pair of manjaros?
I would add different programs to the two installs, keeping “risky” programs away from work environment and “protected” programs for work away from the play environment. I don’t think you can do that with different users.
@mithrial I’m replacing Windows 10 with the second manjaro, so it’s a wash as far as workload. But I don’t have the kind of knowledge I’d need to run the Arch installer on the second one. Thus my question about using calamares for both.
here so is an update:
I’ve tried it again and again the last few weeks, but unfortunately it’s a bit too complicated for me to encrpt everything. I’ve already installed several Linux distros side by side, but when it comes to encryption, only one distro is bootable, if the /boot directory is encrypted too. So it worked to encrypt root and home, but not for the /boot directories.
But I would like to thank you again for all the advices and I am sure, if I had a little more experience in this area, it would have worked with your suggestions.