How do I install Manjaro MATE with LVM on LUKS and dual boot with Windows?

The most simple solution is to wipe Windows and then use the entire device.

The following topic is a script which sets up the most simple LUKS encrypted system you can imagine.

The only thing to do afterwards is to put on the toppings - Xorg, desktop, swap, apps etc - but you already expected that since you started the adventure of this thread.

Not really a viable way for me to wipe Windows. I don’t have an image backed up and don’t even know if it will work for me restoring the installation on an encrypted disk. I don’t wish to affect the Windows partitions. I wish to dual boot with it but just have the Manjaro side encrypted like I did for Ubuntu. If I managed to do it for Ubuntu then I should be able to do it on Manjaro right?

You can do that - but your issues and trouble have nothing to do with Manjaro - it is your requirements and lack of experience which are creating obstacles for your progress.

As you begin by trying to apply settings which the Calamares installer cannot handle - the LVM part. Therefore you end with a manual setup which requires a lot more knowledge.

It is much like getting a sedan to do the job of a Land Rover - it may be done but not without great trouble.

systemd-boot will happily dual-boot Windows - but only Windows.

I can amend the mentioned script so it can be used to create an encrypted Manjaro - dual-booting Windows. It requires the following to be known and set

  1. An empty partition - e.g. /dev/sdy5 - for the encrypted installation
  2. The current Windows EFI partition - e.g. /dev/sdy1 - size is important 300-500M.

Which is fine as I said I am prepared to delete my 2 LUKS partitions on /dev/sda5 and sda6 and create just one LUKS on /dev/sda5 for Manjaro to be installed on (manually) and use the existing EFI partition that I have on /dev/sda1. Sorry, I think I expressed myself in the wrong way earlier. I didn’t mean to keep exactly the same setup as the Ubuntu guide but I mainly meant that if there is a way to do it for Ubuntu then surely there has to be a way to do it for Manjaro even if manually or a bit more complicated. I don’t mind if the setup is a bit different to the Ubuntu guide, so long as I can do it. But similarly without having to completely wipe the whole drive that’s all. Cheers btw. I’ll give it a go and say if it works.

The following is a modded version adapted to your situation.

Please review the script carefully - before applying it to your system.

#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
# Copyright (c) 2021 @linux-aarhus
#
# This script is based on
#    https://forum.manjaro.org/t/root-tip-diy-installer-script-base-sdboot-luks/88502
#
# MODIFIED TO FIT A SPECIFIC FORUM TOPIC
#    https://forum.manjaro.org/t/how-do-i-install-manjaro-mate-with-lvm-on-luks-and-dual-boot-with-windows/87358
#
#  ! IMPORTANT !
#  ! GREAT CARE SHOULD BE EXERCISED !
#  ! A lot of assumptions are made - please review carefully !
#
#    The script assumes the system is booted using a recent Manjaro Mate ISO
#    The disk is pre-installed using Windows in EFI mode
#    The Manjaro ISO is booted in EFI mode (firmware Legacy boot disabled)
#    The existing Windows EFI partition ($esp) is located at /dev/sda1
#    An empty partition has been created to hold a Linux filesystem (0x8300) as /dev/sda5
#    systemd-boot is installed as bootloader
#    The root filesystem is using ext4 inside a LUKS container
#
#  ! PLEASE REVIEW THE VARIABLES SECTION !
#  ! AMEND THE VARIABLES AS NECESSARY !
#

if [ "$(id -u)" != "0" ]; then
    echo "Please change to root context using su or sudo"
    echo ""
    exit 1
fi

#############################################################
#### VARIABLES SECTION

TARGET="/dev/sda"
EFI_PART="/dev/sda1"                         # existing Windows $esp
LUKS_PART="/dev/sda5"                        # root partition to hold LUKS container (the empty partition from the assumptions above)
TUSER=manjaro                                # first user == wheel group
TDISPLAYMANAGER=lightdm                      # display manager
KERNEL="5.10"                                # linux kernel number
KERNELPKG=$(echo linux$KERNEL | sed 's/\.//') # kernel package name
MIRROR='https://mirrors.manjaro.org/repo/'   # build mirror
BRANCH='unstable'                            # target branch
TKEYMAP='dk'                                 # target keyboard layout
TLOCALE_CONF='en_DK.UTF-8'                   # target locale.conf
TLOCALE_PRIMARY='en_DK.UTF-8 UTF-8'          # target primary locale
TLOCALE_FALLBACK='en_US.UTF-8 UTF-8'         # target fallback locale
TTIMEZONE='Europe/Copenhagen'                # target timezone
THOSTNAME='manjaro'                          # target hostname
ITER_TIME="10000"                            # luks iteration time
RETRIES="3"                                  # luks decryption retries
BASE_PKGS="base $KERNELPKG mkinitcpio networkmanager bash-completion"
TGROUPS='lp,network,power,wheel'
TSERVICES='cronie ModemManager NetworkManager cups tlp tlp-sleep avahi-daemon add-autologin-group haveged apparmor snapd.apparmor snapd'

#### VARIABLES END
#############################################################

# == BARE METAL TEST SETUP ============================
#echo "==> Unmounting $TARGET"
#umount -f "$TARGET"
#echo "==> Preparing disk $TARGET"
#sgdisk --zap-all "$TARGET"
#sgdisk --mbrtogpt "$TARGET"
#### efi
#echo "==> Creating EFI partition"
#sgdisk --new 1::+512M  --typecode 1:ef00 --change-name 1:"EFI System" "$TARGET"
#echo "==> wiping EFI partition"
#wipefs -af "$TARGET"1
#echo "==> formatting EFI partition"
#mkfs.vfat -F32 "$TARGET"1
#### root
#echo "==> Creating root partition"
#sgdisk --new 2::: --typecode 2:8304 --change-name 2:"Linux x86-64 root" "$TARGET"
#echo "==> wiping root partition"
#wipefs -af "$TARGET"2
# == END BARE METAL TEST SETUP ========================

# ===== EXISTING WINDOWS DEVICE =======================
echo "==> Unmounting $EFI_PART"
umount -f "$EFI_PART"
echo "==> Unmounting $LUKS_PART"
umount -f "$LUKS_PART"
echo "==> wiping root partition"
wipefs -af "$LUKS_PART"
# ====================================================

echo "==> ------------------------------------------"
echo "==> Setting up root LUKS container"
echo "  -> WATCHOUT FOR THE UPPERCASE CONFIRMATION"
echo "  -> If using CapsLock remember to toggle back"
cryptsetup --type luks2 --use-urandom luksFormat "$LUKS_PART"

echo "==> ------------------------------------------"
echo "==> Open LUKS container"
cryptsetup open "$LUKS_PART" cryptroot

echo "==> Formatting LUKS using ext4"
mkfs.ext4 /dev/mapper/cryptroot

echo "==> Mounting root partition"
mount /dev/mapper/cryptroot /mnt

echo "==> Creating /boot"
mkdir /mnt/boot

echo "==> Mounting EFI partition"
mount "$EFI_PART" /mnt/boot

echo "==> Setting branch and mirror"
pacman-mirrors --api --set-branch $BRANCH --url $MIRROR

echo "==> Synchronizing pacman databases"
pacman -Syy

echo "==> installing base system"
basestrap /mnt $BASE_PKGS

echo "==> Configure base ..."
echo "  -> Creating file: vconsole.conf"
echo KEYMAP=$TKEYMAP > /mnt/etc/vconsole.conf

echo "  -> Creating file: locale.conf"
echo LANG=$TLOCALE_CONF > /mnt/etc/locale.conf

echo "  -> Creating file: hostname"
echo "$THOSTNAME" > /mnt/etc/hostname

echo "  -> Creating file: hosts"
cat > /mnt/etc/hosts <<EOF
127.0.0.1 localhost
127.0.1.1 $THOSTNAME.localdomain $THOSTNAME
EOF

echo "  -> Creating symlink: localtime"
ln -sf /usr/share/zoneinfo/$TTIMEZONE /mnt/etc/localtime

echo "  -> Setting hardware clock"
manjaro-chroot /mnt hwclock --systohc

echo "  -> Enabling services"
manjaro-chroot /mnt  systemctl enable NetworkManager systemd-timesyncd

echo "  -> Modifying file: locale.gen"
echo $TLOCALE_PRIMARY >> /mnt/etc/locale.gen
echo $TLOCALE_FALLBACK >> /mnt/etc/locale.gen

echo "  -> Generating locale"
manjaro-chroot /mnt locale-gen

echo "  -> Setting up mkinitcpio.conf"
sed -i '/HOOKS=/c\HOOKS=(systemd keyboard keymap sd-vconsole block sd-encrypt autodetect modconf filesystems fsck)' /mnt/etc/mkinitcpio.conf

echo "  -> Generating initrd"
manjaro-chroot /mnt mkinitcpio -P

echo "  -> Installing bootloader"
bootctl --path=/mnt/boot install

echo "  -> Updating entries with device UUID"
devuuid=$(lsblk -no uuid "$LUKS_PART" | head -n1)

echo "  -> Creating loader entry: manjaro.conf"
cat > /mnt/boot/loader/entries/manjaro.conf <<EOF
title   Manjaro
linux   /vmlinuz-$KERNEL-x86_64
initrd  /initramfs-$KERNEL-x86_64.img
options root=/dev/mapper/cryptroot rd.luks.name=$devuuid=cryptroot
EOF

echo "  -> Creating fallback entry: manjaro-fallback.conf"
cat > /mnt/boot/loader/entries/manjaro-fallback.conf <<EOF
title   Manjaro (fallback)
linux   /vmlinuz-$KERNEL-x86_64
initrd  /initramfs-$KERNEL-x86_64-fallback.img
options root=/dev/mapper/cryptroot rd.luks.name=$devuuid=cryptroot
EOF

echo "  -> Setting default loader"
sed -i '/default/c\default manjaro*' /mnt/boot/loader/loader.conf

echo "==> Setting target branch and mirror"
pacman-mirrors --api --prefix /mnt --set-branch $BRANCH --url $MIRROR

echo "==> Set root password"
manjaro-chroot /mnt passwd root

#############################################################
#### ISO SPECIFIC SETUP

echo "==> Installing display manager"
manjaro-chroot /mnt pacman -S $TDISPLAYMANAGER --noconfirm

echo "==> Installing ISO package lists"
manjaro-chroot /mnt pacman -S $(comm -12 <(awk '{print $1}' /rootfs-pkgs.txt | sort) <(awk '{print $1}' /desktopfs-pkgs.txt | sort) | sed '/^grub/d' | sed '/^os-prober/d' | sed '/^kernel-modules-hook/d' | sed '/^kernel-alive/d' | sed '/^linux[0-9][0-9]/d') --needed --noconfirm
echo " --> Done installing ISO packages."

echo "==> Copying ISO specific settings..."
cp /etc/lightdm/lightdm-gtk-greeter.conf /mnt/etc/lightdm
cp /etc/lightdm/slick-greeter.conf /mnt/etc/lightdm
cp /etc/environment /mnt/etc
cp -r /usr/share/icons/default /mnt/usr/share/icons

echo "==> Setting up wheel group"
cat > /mnt/etc/sudoers.d/100-wheel <<EOF
%wheel ALL=(ALL) ALL
EOF

echo "==> Create new admin user $TUSER"
manjaro-chroot /mnt useradd -mUG $TGROUPS $TUSER

echo "==> Set admin user password"
manjaro-chroot /mnt passwd $TUSER

echo "==> Enable display manager"
manjaro-chroot /mnt systemctl enable $TDISPLAYMANAGER

echo "==> Enable ISO services"
manjaro-chroot /mnt systemctl enable $TSERVICES

#### ISO SETUP END
#############################################################

echo "==> Cleaning up"
echo "  -> Unmounting partitions"
umount -R /mnt

echo "  -> Closing LUKS container"
cryptsetup close /dev/mapper/cryptroot
sync

echo "==> Done! You have successfully mimicked a Manjaro Mate Edition"
echo "==> TODO: Configure swapfile ..."
echo "  -> Swap configuration <https://wiki.manjaro.org/index.php/Swap>"
echo ""

2 Likes
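A pre-flight check that could run before the script's wipefs and luksFormat steps, added here as an example and not part of the posted script: it refuses to continue unless EFI_PART is a FAT-formatted EFI System partition and LUKS_PART is an unmounted, signature-free Linux filesystem (8300) partition. The function names and the lsblk table are constructed for illustration; the GPT type GUIDs are the standard ones.

```shell
#!/bin/sh
# Added example (not part of the thread's script): checks to run before the
# destructive wipefs / cryptsetup luksFormat steps.

ESP_GUID="c12a7328-f81f-11d2-ba4b-00a0c93ec93b"    # GPT type: EFI System
LINUX_GUID="0fc63daf-8483-4772-8e79-3d69d8477de4"  # GPT type: Linux filesystem (sgdisk 8300)

# Constructed sample of `lsblk -P -n -o PATH,PARTTYPE,FSTYPE,MOUNTPOINT /dev/sda`
# for a Windows EFI disk with one empty partition added at the end.
SAMPLE='PATH="/dev/sda" PARTTYPE="" FSTYPE="" MOUNTPOINT=""
PATH="/dev/sda1" PARTTYPE="c12a7328-f81f-11d2-ba4b-00a0c93ec93b" FSTYPE="vfat" MOUNTPOINT=""
PATH="/dev/sda2" PARTTYPE="e3c9e316-0b5c-4db8-817d-f92df00215ae" FSTYPE="" MOUNTPOINT=""
PATH="/dev/sda3" PARTTYPE="ebd0a0a2-b9e5-4433-87c0-68b6b72699c7" FSTYPE="ntfs" MOUNTPOINT=""
PATH="/dev/sda4" PARTTYPE="de94bba4-06d1-4d40-a16a-bfd50179d6ac" FSTYPE="ntfs" MOUNTPOINT=""
PATH="/dev/sda5" PARTTYPE="0fc63daf-8483-4772-8e79-3d69d8477de4" FSTYPE="" MOUNTPOINT=""'

# field TABLE DEVICE KEY -> value of KEY on DEVICE's row (empty if no such row)
field() {
    printf '%s\n' "$1" | grep -F "PATH=\"$2\" " | head -n 1 |
        sed -n "s/.* $3=\"\([^\"]*\)\".*/\1/p"
}

# check_esp TABLE DEVICE -> 0 only if DEVICE is a FAT-formatted EFI System partition
check_esp() {
    pt=$(field "$1" "$2" PARTTYPE | tr 'A-Z' 'a-z')
    fs=$(field "$1" "$2" FSTYPE)
    [ "$pt" = "$ESP_GUID" ] || { echo "$2: not an EFI System partition (type '$pt')"; return 1; }
    [ "$fs" = "vfat" ] || { echo "$2: expected vfat, found '$fs'"; return 1; }
}

# check_target TABLE DEVICE -> 0 only if DEVICE is safe to hand to wipefs/luksFormat
check_target() {
    pt=$(field "$1" "$2" PARTTYPE | tr 'A-Z' 'a-z')
    fs=$(field "$1" "$2" FSTYPE)
    mp=$(field "$1" "$2" MOUNTPOINT)
    [ "$pt" = "$LINUX_GUID" ] || { echo "$2: type '$pt' is not Linux filesystem (8300)"; return 1; }
    [ -z "$fs" ] || { echo "$2: already carries a '$fs' signature"; return 1; }
    [ -z "$mp" ] || { echo "$2: mounted at $mp"; return 1; }
}

# preflight TABLE EFI_PART LUKS_PART -> 0 only if both partitions pass
preflight() {
    rc=0
    check_esp "$1" "$2" || rc=1
    check_target "$1" "$3" || rc=1
    return $rc
}

# Demo on the constructed table. On a real system pass
# "$(lsblk -P -n -o PATH,PARTTYPE,FSTYPE,MOUNTPOINT "$TARGET")" instead of $SAMPLE.
for candidate in /dev/sda2 /dev/sda5; do
    if preflight "$SAMPLE" /dev/sda1 "$candidate"; then
        echo "OK: $candidate may be wiped"
    else
        echo "REFUSED: $candidate"
    fi
done
```

The check is deliberately strict: a partition that still carries an old LUKS or filesystem signature is refused and has to be cleared by hand first.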

Ok. That’s fine. I think I’ll give it a go next week when I’m back from my holiday so that if something goes wrong I can access my backup

At the end of the script can I then execute the steps to recreate the live USB settings and packages as described on the normal manual installation guide of yours? Or would that break the installation in any way?

cat /rootfs-pkgs.txt | awk '{print $1;}' > ~/iso-pkglist.txt
cat /desktopfs-pkgs.txt | awk '{print $1;}' >> ~/iso-pkglist.txt
pacman -Syy --root /mnt - < ~/iso-pkglist.txt

There has been a learning process for me in this and I appreciate the opportunity.

This question made me think - there is configuration which is not part of any package and resides only in the desktop overlay. When doing this kind of setup these configs must be copied manually - also the display manager configuration must be done manually.

To be sure everything is there one would consult the relevant iso profile and copy the specifics from the live ISO - in this case the mate iso profile

I have been playing around with the files from the Mate edition and I found they contain duplicates after the merge.

Another thing from the process - grub and os-prober are not needed - systemd-boot - so I have reworked the process into a single line.

I have amended above script

  • be sure to use a Mate ISO to boot the system
  • amend the variables in the beginning
  • put the script on another USB
  • mount the USB and use bash to run the commands contained in the file
    bash <filename.txt>
    

Package command break-down

See man comm, man awk, man sort, man sed for more information.

pacman --print -S $(comm -12 <(awk '{print $1}' /rootfs-pkgs.txt | sort) <(awk '{print $1}' /desktopfs-pkgs.txt | sort) | sed '/^grub/d' | sed '/^os-prober/d' | sed '/^kernel-alive/d' | sed '/^kernel-modules-hook/d') 

This part generates a list of packages with their version information stripped off and the result is sorted. This is repeated for desktopfs-pkgs.txt.

awk '{print $1}' /rootfs-pkgs.txt | sort

This part creates a sorted list from the two files containing only unique files from both sources

comm -12 <(awk '{print $1}' /rootfs-pkgs.txt | sort) <(awk '{print $1}' /desktopfs-pkgs.txt | sort)

The sed parts remove some unnecessary packages (grub, os-prober, kernel-alive and kernel-modules-hook)

sed '/^grub/d' | sed '/^os-prober/d' | sed '/^kernel-alive/d' | sed '/^kernel-modules-hook/d'

Finally the result is fed to pacman - using the --print argument to mimic what would have been done

pacman --print -S
1 Like
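To audit what the pipeline above hands to pacman, this added example (not from the thread) runs the same awk, sort, comm -12 and sed stages on two small constructed lists and also reports the names that appear in only one list, which comm -12 does not pass on. The function names, file contents and versions are constructed; temporary files stand in for the process substitution so it also runs under plain sh.

```shell
#!/bin/sh
# Added example: audit the thread's package-list pipeline on constructed data.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation order

# names FILE -> sorted, de-duplicated package names (first column only)
names() { awk '{print $1}' "$1" | sort -u; }

# drop_unwanted: the sed filters used in the script, reading stdin
drop_unwanted() {
    sed -e '/^grub/d' -e '/^os-prober/d' -e '/^kernel-alive/d' \
        -e '/^kernel-modules-hook/d' -e '/^linux[0-9][0-9]/d'
}

# install_set ROOTFS DESKTOPFS -> names the pipeline would pass to pacman -S
install_set() {
    tmp=$(mktemp -d) || return 1
    names "$1" > "$tmp/a"; names "$2" > "$tmp/b"
    comm -12 "$tmp/a" "$tmp/b" | drop_unwanted   # -12: keep lines common to both
    rm -rf "$tmp"
}

# left_out ROOTFS DESKTOPFS -> names present in only one list (not installed)
left_out() {
    tmp=$(mktemp -d) || return 1
    names "$1" > "$tmp/a"; names "$2" > "$tmp/b"
    comm -3 "$tmp/a" "$tmp/b" | tr -d '\t'       # -3: drop the common column
    rm -rf "$tmp"
}

# make_sample DIR -> writes two constructed lists in "name version" format
make_sample() {
    cat > "$1/rootfs-pkgs.txt" <<'EOF'
bash 5.1.008-1
grub 2.06-1
linux510 5.10.70-1
os-prober 1.79-1
sudo 1.9.8-1
EOF
    cat > "$1/desktopfs-pkgs.txt" <<'EOF'
bash 5.1.008-1
grub 2.06-1
linux510 5.10.70-1
mate-panel 1.26.0-1
os-prober 1.79-1
sudo 1.9.8-1
lightdm 1:1.30.0-4
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
echo "would install   : $(install_set "$demo/rootfs-pkgs.txt" "$demo/desktopfs-pkgs.txt" | tr '\n' ' ')"
echo "in one list only: $(left_out "$demo/rootfs-pkgs.txt" "$demo/desktopfs-pkgs.txt" | tr '\n' ' ')"
rm -rf "$demo"
```

Run against the real /rootfs-pkgs.txt and /desktopfs-pkgs.txt on the live ISO, the second line shows which packages still need to be installed by hand.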

I did mean that. And you are absolutely correct - it is even mentioned in the Arch wiki.

So yes - It is possible to mount it on efi but mkinitcpio defaults make it necessary to mount on /boot.

The files in mkinitcpio.d all point to /boot so unless one has the urge to complicate the transition to systemd-boot - one should mount $esp on /boot.

The location of where to mount your ESP is certainly a personal preference and mounting it at /boot is a valid option. However there are more reasons to not mount it on /boot than the opposite.

  • If you are using kernel-install, it makes no sense at all since it keeps the kernels and initrds/initrams outside of /boot
  • If you are multibooting Linux distros and you mount the ESP directly on /boot you can create kernel conflicts where one distros kernels overwrite another’s
  • Mounting it somewhere such as /efi and then symlinking into /boot if that is needed offers more flexibility.

I usually mount mine to /boot/efi. I think that should be alright? I mean mounting the ESP (efi partition on /dev/sda1) to /boot/efi or at least that’s what I seem to remember from the manual installation guide.

Btw seems a bit of a nightmare having to setup all the config files manually especially for me as I never had to deal with that, but will see what I can do. I might try to follow an Arch Wiki about setting the display manager and desktop environment up to as close as possible to the way Manjaro looks by default with some tweaks here and there to suit my preferences. Hopefully I should be ok doing that as I don’t really know what needs to be done as of yet lol.

If you are using grub, that is the most sensible place. If you are not using grub, it can work, but it doesn’t make much sense to put it there.

kernel-install - this was new to me - learning something every day - thank you for the tip :slight_smile:

After a dive - there are things which previously puzzled me regarding systemd-boot - but now it makes so much more sense - thank you indeed - one more time :+1:

I have been speculating on how I would best achieve the mount on /efi - that is where I ran into the default configurations pointing to /boot.

So for this topic I decided to stay with /boot - to not introduce more changes than necessary.

I didn’t consider the symlinking - that is an interesting approach.

I have amended the above script to fit exactly into your use case wanting a Manjaro Mate install.

It was kind of entertaining to challenge myself this way - and I learned something on the way - especially with relation to using the manjaro-chroot to perform tasks not otherwise possible - such as setting up the initial loader entries.

That is the place when using grub. The reason I suggest systemd-boot is because it works so much better with an encrypted root - and is capable of finding Windows as well.

Yes - that is known to happen - especially with Manjaro grub … perhaps not explicitly that but problems indeed …

Great, thank you very very much, will give it a try when I come back from my holiday and let you know. And yes, I do have a Manjaro MATE live USB :).

I think I’ll stick with GRUB as I read on your guide about systemd-boot that it will need a lot of maintenance having to reconfigure/regenerate the config files for every new version of the Linux kernel and so on. It would drive me insane in the long run. It’s too much of a hassle if it keeps going like that…lol. I just need a straightforward bootloader and GRUB does the job for me

Grub is not straightforward - systemd-boot is much simpler than grub.
No, systemd does not need more maintenance than grub.

The setup done by the script is the best setup you can get. Do not begin to mix in grub - the script is not designed for that.

Try it before you judge it.

If you stay with linux 5.10 you need no maintenance for many years to come, and the combo systemd-boot and LUKS is a fine pair.

When you get your system installed using the above script - all setup has been done for 5.10 - the only kernel you will ever need.

Well, even that will eventually fade away into older ground and become unsupported in time.

By the way I noticed the script will then use f2fs filesystem. I’d like to stick with ext4. Would that be possible to amend the script to suit that by any chance?
Maybe at the bit where it says:

echo "==> Formatting LUKS using f2fs"
mkfs.f2fs -f /dev/mapper/cryptroot

I could instead use mkfs.ext4, that should do the job I think…

Anyway, ok I thought GRUB was straightforward as it never gave me any big hassle all things considered, it always pretty much worked fine. But yes, I will leave the script as it is and just trust it first. As long as it works and won’t need me reconfiguring it at every different kernel version and stuff like that I don’t mind what I use really :slight_smile: :+1:

You can replace the line mkfs.f2fs -f with mkfs.ext4 - no problem

I have learned a lot from this project - the comment from @dalto on using kernel-install - it makes it so much easier to maintain - and the script can be amended and be simpler than it is now.

That's true - I will help you over the kernel point too, as it is quite easy.

I have been testing your scripts and hooks for kernel-install - good job :+1: - and they work perfect for Manjaro as well. So now packaged for Manjaro as systemd-kernel-maintenance.

The package systemd-boot-manager by @dalto will help you maintain your kernel.

2 Likes

Hello there. Sorry I forgot to mention that I do prefer to keep my /home on a separate partition (obviously all encrypted) so that if I need to reinstall for any reason I can avoid losing my personal data accidentally by reformatting the installation. So I generally make the / root partition to around 30GB and the rest of the available space to the /home. Will the script above allow me to do that or will I need to do some further tweaking for that setup? Thank you

I don’t want to use time to figure out such configuration - I prefer the Manjaro slogan Enjoy the simplicity and while that usually is referring to how Manjaro makes Arch Linux easily accessible - I like to apply it to other parts of computing as well.

With encryption it adds complexity as you would need two partitions. I can understand your preference - but that preference is also what this whole topic is about. I reject your argument about accidental format of the root as not valid.

  1. You cannot format a mounted filesystem.
  2. Formatting and disk partitioning is not something you just do without considering implications.
  3. If you have a LUKS container on a partition you don’t accidentally format it.

Make use of cloud services and/or backup devices to store important documents - again you can use encryption. It is incredibly easy to have a luksformatted disk you mount for backup.

An example - for another nerd test a year back I bought a WD My Passport 500G SSD USB-C - it was less than €75. It is incredibly fast, reliable and easily portable. Mine serves several purposes such as bootable with Ventoy and having an extra partition for large amount of data - initially for having a portable Windows 10 VBox VM. Having served that purpose I could easily create a LUKS partition and use it as encrypted backup.

You could use similar device deploying with encryption.

Which is what I plan to do anyway, using my Raspberry Pi NAS and doing encrypted backups using Dejadup.

You cannot format a mounted filesystem.

But you could reformat/reinstall if you use a Live USB and gparted if your system goes haywire. Now, I will save system snapshots on a 128GB USB stick formatted in ext4 so that I could restore it to a previous point if some update breaks the system as I know it is possible in Manjaro/Arch. But I still prefer to be on a little bit of a safer side not having to mess up the whole partition and affect the personal data, even if it is backed up externally. As I have an SSD I am a little bit OCD not wanting to risk having to rewrite around 90GB of data should something happen ending up affecting the life of it. Not to mention the time that it takes to restore too.

But since I realise this takes time and effort to realise I won’t ask for anything more. I am more than grateful for all the help so far, and hopefully the system snapshots through Timeshift should help should something happen to the system. And my data shouldn’t be affected. Thank you so much and I will give the script a try and see what happens.

I am also very glad that my topic provided grounds for learning for all of us here. :slight_smile: