Hello to all the community. I am in need of some help please. I’m coming from Ubuntu MATE but recently wanting to switch to Manjaro MATE, but as I’m installing it on a laptop I need to install it with LVM on LUKS. Currently I have this setup with Ubuntu following the official guide for Ubuntu 18.04+ but the same process doesn’t work with Manjaro. I need to dual boot with Windows, but I only want Manjaro to be encrypted. Currently, my setup consists of a GPT 1TB drive with unencrypted Windows and 2 LUKS partitions one with 2 Volume groups, one for the root and the other for the home and the other partition a 500MB LUKS1 for the Boot partition.
Now, in Ubuntu I had to set it up like this because GRUB apparently doesn’t support LUKS2 (as far as I’m aware anyway). I tried and tried to look for a guide on how to install Manjaro with LVM on LUKS and dual boot but I could only find some guide for Manjaro-Architect but since that seems not available anymore it obviously is not an option for me. I have flashed a live USB with Manjaro MATE ISO. How do I go from there to install it the way I need it please? Also I wanted to note I’d very much rather not lose data on my Home group in my volume group. I mean I have it backed up remotely but I’d much rather not having to restore it if possible.
Thank you so much for your attention and to everyone who will help me.
Are you willing to lose all your former Ubuntu data, including the home directory? Or do you wish to re-use your home data and install a fresh copy of Manjaro?
I am more than willing to of course lose all of the Ubuntu system files except for all the files in my Home directory which as I said are kept on a separate volume group than the root. I am more than happy to then reinstall all the programs. But if push comes to shove I can also restore the home files from a backup copy but only as a very last resort…
That’s a non-standard and more complicated method if you’re going to install Manjaro with Calamares (the official installer.)
I believe it’s feasible with the “Manual / Expert partitioning method”, but you would have to use a pre-setup and careful steps.
Just off the top of my head:
- Activate all LVM logical volumes (lvRoot, lvHome)
- Reformat inside lvRoot with Ext4, XFS, or Btrfs. (Preferably Ext4 in your case)
- Do not touch lvHome
- Reformat inside the LUKS1 /boot partition with Ext4 (Let’s say it’s crypto_sda5)
- Then during installation, use the manual method,
  – To leave Windows alone
  – To use the existing EFI FAT32 partition for /boot/efi (it will be shared between Windows and Manjaro)
  – To use lvHome for /home (“as is” with no reformatting!)
  – To use lvRoot for / (already pre-formatted as Ext4)
  – To use crypto_sda5 for /boot (already pre-formatted as Ext4)
  – To do the necessary post-installation steps for dual-booting with Grub, using the shared EFI FAT32 partition, os-prober, correct Grub entries, mkinitcpio modules and hooks, initramfs, fstab, and crypttab (to support LVM and LUKS).
Just thinking about doing this makes me feel uneasy. A lot can (and likely will) go wrong.
So yesterday before posting this I followed this guide which is similar to the steps you describe (unfortunately it says here that I can’t post links )
Although it didn’t go to plan. I only formatted the root VG, though I think the installation needed final steps to make GRUB compatible with LUKS encryption and adding the volumes on the fstab file with their device UUID as it is described by the guide from Ubuntu I originally used to make this setup
By the way you sort of lost me a bit toward the last couple of steps. I’m still new to the world of Arch based distros so don’t know exactly how I would go about doing those steps exactly. The guide I followed yesterday gave me a bit of an idea but don’t know if there is anything else or anything different I need to do.
Also, on that guide on Manjaro Forum there was this step to install the base system and other core utilities when I chrooted in the root VG:
basestrap /mnt base $LINUX dhcpcd networkmanager grub mkinitcpio efibootmgr vi nano sudo links
(where $LINUX is the Linux Kernel version eg. Linux513)
but my guess is that would only install the base system, not Manjaro with the MATE DE too. How do I finish the install so that I have MATE desktop environment with Marco Windows Manager AND so it looks the same as on the default Manjaro MATE live ISO? (Same configuration and customisation and not vanilla MATE?)
Thank you
Yes that is correct. I have written a great deal of guides.
In one of those - the one on doing a manual Manjaro installation - it is also explained how you recreate the same environment as a live iso.
Hello there and thank you very much for your comment. That was actually the exact same guide I followed before making this post. But for some reason the final steps didn’t seem to work. I tried to install Marco by pacman -Sy marco and enable it by systemctl enable marco but when I rebooted grub entered in rescue mode as I think I will need to include the encryption keys in a configuration file and add the UUID of the boot and system partition in fstab like I did for the Ubuntu setup so that Grub can work with encryption.
Also how do I install MATE and Marco DE and Window manager with the same configuration as the default Manjaro MATE configuration? I don’t think I understand exactly how it works from the guide sorry
The files mentioned - contain a list of packages with versions used for the booted iso.
Then it is just a matter of parsing the files - extracting the package name and feeding the list to pacman - you can do this manually or you can automate it - the latter is what is shown in the referenced topic.
If you’d rather select which packages to install - then open the files and pick the packages you want.
The referenced topic also creates the user after the installation of the packages as the files in /etc/skel are used as base when you create a user.
What I don’t understand is - why would you complicate your setup by using LVM? Encryption I can understand - to a degree - but LVM does not provide any benefits I know of. Yes - I know dynamic expansion of partitions - across boundaries - but really - how many times have you actually used it?
I have tried Linux RAID setup and LVM setup but the only thing I got out of it was more complication when it failed - often with loss of data - so I have decided to keep it simple.
When I tried those steps I actually got an error which I will post when I can try the installation again. At the moment I’m unable to do it as I’m at work.
By the way, the reason why I want to do this is because I need my laptop and in particular the Manjaro install to be encrypted in all its parts (excluding the Windows partitions) as I have personal files and documents and don’t want to risk if I go travelling and lose it or have it stolen for my data to be publicly accessible. I like to be on the safe side. I know it is a bit trickier but I am willing to go through the pain especially as Manjaro is more of an install once and don’t bother anymore distro. And then I’ll use Timeshift snapshots in case something happens during updating (as I read it can be a bit of a thing with Manjaro sometimes).
It would be less of a headache to start from scratch. Trying to salvage your current setup / data, and migrating it to Manjaro, greatly complicates things (as you are experiencing first-hand.)
A feasible scheme would look like so,
- Partition 1, EFI, FAT32, (Windows and Manjaro bootloaders)
- Partition 2-4, Windows, NTFS, (Windows OS and reserved MS stuff)
- Partition 5, Manjaro, LUKS-Ext4, (boot, root, and home all on the same partition)
The part highlighted in bold would be new, freshly formatted data, not carried over from existing data.
Then just rsync/copy over everything from a home backup to your new /home/username/ directory.
The home backup would be updated immediately before installing the new system (to make sure you’ll have everything in your backup when it is to be used later to restore back to your new home folder.)
The Grub EFI bootloader would prompt you for the LUKS passphrase upon powering on the system (very plain, nothing fancy, no hardware-accelerated decryption of the master key), and the rest would proceed as a normal boot, with the Grub menu and dual-booting options.
My home backup is encrypted on a local raspberry pi SAMBA server made with Deja Dup. So would have to restore that once installation is finished and Deja Dup installed so that is it automated. But will consider this step if upon trying the guide again doesn’t work or troubleshooting some of the steps…
By the way are you sure that GRUB doesn’t need a separate LUKS1 partition to work? Is it safe to just leave it in the root? Will I need to add anything in the fstab? Don’t know if things have changed with latest versions of GRUB. Thank you very much.
I understand the encryption thing - no problem.
I’d say the best venue is to use systemd-boot. It supports booting windows and it supports a fully encrypted root.
There is one key difference - the $esp must be mounted at boot.
I have experimented with encryption - not that I use it - it’s just the nerd in me which has to test things - at least I’ll be able to understand the issues.
I have all my notes online - I have a specific set of notes in mind here - I don’t recommend btrfs - after a couple of incidents I lost faith in it
systemd-boot is tricky on Manjaro due to the kernel naming schema. A long time ago a community member - I don’t know if the member is still here - @dalto created a script to facilitate maintenance of the systemd boot when you need to setup a new kernel.
It is a fairly simple task - when you know how - so sticking with the LTS kernel will ease the necessary maintenance with relation to systemd-boot as you would only ever have to shift the kernel until the next LTS is stable.
Marco is the window manager and lightdm the display manager.
If you mean “boot” as in /boot, then it doesn’t have to be mounted there. I usually mount mine at /efi.
If you mean “boot” as in the time of boot then it actually doesn’t need to be explicitly mounted. However, since the kernels and initrams live inside of it, it will need to be mounted when you update the system so it is probably better to mount it permanently in /etc/fstab or with a mount unit.
systemd-boot-manager is the series of scripts/hooks I created for Manjaro.
Alternatively, you can use kernel-install which is part of systemd.
Either LUKS1, or LUKS2 using PBKDF instead of Argon.
Same as usual, point the LUKS container (e.g, /dev/mapper/luks-XXXXXX or UUID) to the mount point.
If you decide to go the systemd-boot route, then it’s pointless to worry about encrypting /boot, since your kernel and initramfs will exist in non-encrypted space (in the FAT32 ESP or separate partition.) Systemd-boot needs to be able to access the kernel and initramfs before you can proceed to decrypt your system partition.
The same can be achieved with Grub and a separate non-encrypted /boot partition.
If you absolutely want everything encrypted, including the kernel and initramfs, then you need to use Grub, which will provide a rudimentary passphrase prompt to decrypt boot/root, in order to access the menu, and the kernel and initramfs, and thus in order to continue a normal boot process.
However, this goes back to using LUKS1 or LUKS2 without Argon.
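The rule stated in the posts above (GRUB unlocks LUKS1, or LUKS2 only when the keyslot uses PBKDF rather than Argon) can be checked against a container's header before committing to an encrypted /boot. This is an added example, not part of any post in the thread; the function name, verdict strings and sample dumps are constructed for illustration, and any Argon keyslot is conservatively treated as blocking.

```shell
#!/bin/sh
# Added example: apply the rule from this thread to a LUKS header dump.
# GRUB is treated as able to unlock LUKS1, or LUKS2 whose keyslots use PBKDF2;
# any Argon keyslot is flagged (a conservative assumption of this example).

# Reads `cryptsetup luksDump` text on stdin and prints one verdict:
#   ok-luks1 | ok-luks2-pbkdf2 | blocked-luks2-argon | unknown
grub_luks_verdict() {
    awk '
        /^Version:/                { version = $2 }
        /^Keyslots:/               { in_slots = 1; next }
        # Any other unindented header (Tokens:, Digests:) ends the keyslot list.
        /^[A-Za-z]/                { in_slots = 0 }
        in_slots && $1 == "PBKDF:" { slots++; if ($2 ~ /^argon2/) argon++ }
        END {
            if (version == 1)                         print "ok-luks1"
            else if (version == 2 && argon)           print "blocked-luks2-argon"
            else if (version == 2 && slots && !argon) print "ok-luks2-pbkdf2"
            else                                      print "unknown"
        }'
}

# Constructed, abbreviated LUKS2 dump; $1 is the PBKDF placed in keyslot 0.
sample_luks2() {
    cat <<EOF
LUKS header information
Version:        2
UUID:           00000000-0000-0000-0000-000000000000

Keyslots:
  0: luks2
    Key:        512 bits
    PBKDF:      $1
Digests:
  0: pbkdf2
    Hash:       sha256
EOF
}

# Constructed, abbreviated LUKS1 dump.
sample_luks1() {
    printf 'LUKS header information for /dev/sdXN\n\nVersion:        1\nKey Slot 0: ENABLED\n'
}

echo "LUKS1:            $(sample_luks1 | grub_luks_verdict)"
echo "LUKS2 + argon2id: $(sample_luks2 argon2id | grub_luks_verdict)"
echo "LUKS2 + pbkdf2:   $(sample_luks2 pbkdf2 | grub_luks_verdict)"
```

On a real system, pipe the output of `cryptsetup luksDump` for the container's partition into `grub_luks_verdict` instead of the sample functions.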
Sorry, I don’t know what PBKDF and Argon are
Lol, I thought window and display manager were the same thing.
Yes, I did mean boot as in /boot partition to install grub, kernel and initramfs. I noticed that in arch unlike on Ubuntu, even in Calamares there seems to be a default mount point for the boot partition to /boot/efi whereas on Ubuntu it’s just /boot on the installer. Do I need to install all grub, kernel and initramfs in /boot or /boot/efi instead? Thank you very much to everyone, I really appreciate your support. I’ll give it another go and post any issues that may arise.
It’s the method used to encrypt the master key embedded in the LUKS header.
Grub currently does not support Argon for LUKS2, but you can override the initial LUKS creation using PBKDF instead. (Trivia: PBKDF is used in LUKS1).
Some of the terminology overlaps. Mount points and partitions are sometimes used as interchangeable terms.
To make it easier to visualize:
Partitions
- ESP
  – AKA: “EFI System Partition”
  – Formatted as FAT32
  – Under a running Linux system, usually mounted at /boot/efi or /efi
  – Can be shared (often is) between multiple OSes, including Windows and Linux
  – Usually sized around 300-500MB, but not a hard requirement, can be smaller (mine is 128M)[1]
- Boot partition
  – AKA: Where your kernel, initramfs, grub menus, etc, live here
  – Not always a separate partition, sometimes it lives in the Root partition as a folder under /boot
  – If used as a separate partition, commonly formatted as Ext4
  – Under a running Linux system, usually mounted at /boot, if it’s a separate partition
  – Can vary in size, usually around a few hundred MB for room to spare for multiple kernels
- Root partition
  – AKA: The “OS” or “System” partition where your OS, programs, system files, etc, live here
  – Can even include everything in the /boot folder if you don’t have a separate Boot partition
  – Can even include everything in the /home folder if you don’t have a separate Home partition
  – Can be formatted to whatever you prefer, such as Ext4, XFS, Btrfs
  – Under a running Linux system, always mounted at /
  – Usually sized large enough to hold the OS with plenty of breathing room
- Home partition
  – AKA: Where your user data and personal files, live here
  – Not always a separate partition, sometimes it lives in the root partition as a folder under /home
  – If used as a separate partition, formatted to whatever you prefer, such as Ext4, XFS, Btrfs
  – Under a running Linux system, always mounted at /home, if it’s a separate partition
  – Usually sized large enough to hold your data and personal files, and so forth
Partitions and mount points are two different things. Think of a partition as the actual “block device”, and the mount point as the folder where this block device “begins its journey”.
If there is no separate partition (i.e, no separate block device), then the mount point is meaningless. So if you don’t have a separate boot partition (i.e, no separate block device formatted as Ext4), then /boot/ is in fact just a folder that lives in your Root partition, which upon browsing this folder you will see your kernel, initramfs, and grub menu/theme files.
[1] If you ever plan to use systemd-boot, it’s best to have a decently-sized ESP, so that it can comfortably house multiple kernels and initramfs’es. The reason I can get away with a tiny ESP is because I don’t plan to use systemd-boot. If I ever change my mind, I will need to upsize my ESP to something like 300 or 500 MB.
If you are using grub, it is best to mount your EFI Partition (ESP) at /boot/efi. Your kernel and initrams will go into /boot but that doesn’t need to be a separate partition.
Yes I knew that, sorry I may have expressed myself in a slightly confusing way or using inappropriate terminology
It looks like you are confusing the ESP with the (optional) Boot partition (which is not as much a common practice anymore, as even the default Manjaro installation will not use a separate Boot partition, but rather just use the /boot folder to dump the kernel, initramfs, and grub menu files.)
Fair enough then, I won’t bother with the /boot. I think I’ll just delete the partition and leave it inside the root…might actually be better if I want to have more kernel versions installed…cheers.