Because since last bigger update something is not working properly I will reinstall KDE Plasma Manjaro.
My question, does this installation with the installation manager meanwhile really work in the combination of btrfs hard disk / SSD, encryption and hibernation file?
Last year I have installed it this way but it it has been claiming hibernation file not found on booting. Swap definitely does not work at all in this combination. I have tried many times.
It would be great if at least the requested combination works meanwhile. And the combination which do not work at all should not be available with the installation manager routine.
Still beside the password for the OS SSD I also have to enter always the encryption password for my second data disk on the booting routine. It would be great if the password for the second drive is read from the main OS drive on booting. I do not know, if anything has changed so far?
Thanks for your answer. But your answer is for swap with btrfs without encryption. Even I worked for hours following suggestions in the forum I never could make it work swap with btrfs and encryption together. Somewhere I found it cannot work but for btrfs with hibernation file and encryption it should work. Still I could not make it neither. May be I am simply not professionell enough.
But my original question was actually different. I asked if meanwhile the manjaro installation manager for new installation of manjaro can make it work letting install btrfs with hibernation file and encryption?
To me sounds like is not a good mix yet, hence the installer will not do it automatically, if manually doing it fails ⌠Personally iâm not a big fan of btrfs and encryptions is pointless in my case, and i never put my system on hibernate or sleep
Have you made a feature request to the project and explain that to the project developers, to implement smart modules ? Calamares (official repo) ¡ GitHub
This solution sounds great, because the data on root itself are not critical to be âpublicâ / not encrypted.
Probably it is not possible to make /home as an encrypted subdirectory of / (root) without encryption?
I have my data on a separated, encrypted hard disk. Thus I can keep /home smaller.
I have read somewhere that hibernation file would work for hibernation mode better than a swap partition. What do you think about it also regarding to your solution?
You download any packages from the repos or AUR and install them into your system in /, they are âpublicâ and not your data, you do not need encrypt them. But
Maybe you need to encrypt some things in the system if:
Do you create your own private packages for your system?
Do you use Docker containers including your private data?
Do you use and manage any database e.g postgres including your private data?
That depends on your decision.
My idea would be to move docker data and postgres data from the unencrypted partition /var/lib/XXX to the encrypted partition /home/XXX and mount them with their same specific directory /var/lib/XXX in the system.
That is possible, you mean systemd-homed, but I would not recommend using it for Btrfs, which causes multiple âcopyâ of the single systemd-home-file when creating multiple snapshots.
/home and / should be separated in two different partitions and two filesystems.
The definition âbetterâ is very general, but you donât know what âbetterâ means.
My theory would be what advantages and disadvantages between Swap file and Swap partition:
Swap file
More flexible than Swap partition, you can change size of swapfile and config. It needs to run on the filesystem, maybe less stable than Swap partition. Maybe slower
Swap partition
Maybe faster than Swap file. More stable, completely independent of Btrfs. Inflexible config
I do not use any of them mentioned so far but bottles. But Docker may be an option in the future. First part of your description sounds clear but how can I mount them XXX with their same specific directory?
I thought of swap file because I understood some time ago that btrfs swap partition does not work encrypted. But it seems from my experience so far it works neither with swap file.
Do I need an encrypted swap partition if home is encrypted? Does it work?
Or personally which of your versions would you recommend for btrfs together with encryption? Maybe I have to forget swap and hibernation mode at all.
I did not test the encrypted swap partition if it has some issues.
In your experience, the encprypted swap file works fine for you, then OK.
I do not use hibernation mode, but use sleep/standby mode for my laptop. The sleep/standby mode does not put all workings-data from RAM to swap on the disk.
That is why I leave the swap partition unencrypted.
Think, the encryption does not protect your data when your PC is online and hackers would be logged in with your credentials or root access.
The encryption only protects against data theft when your PC is offline, but not online.
When I have time for a complete new installation I will try out your combination. Hopefully it works proberly with the manual installation. The calamares installer is not state of the art. If I have time I will also place a feature request in Github.
I will let you know.
What would you recommend regarding online security? Maybe you like to open a seperated topic for âonline security recommendations working with Linux Manjaroâ or sth like this.
Hi,
What is the reason why you canât boot off any snapshots via GRUB, in this case ?
I understand that /boot partition is unencrypted and / is encrypted, but i do not understand why.
I mean, when you boot on your computer normally, you boot on @/, so, why canât you boot on any snapshot ?
This case is a separation between /boot partition and / partition.
All initramfs images/Kernel versions are in /boot for GRUB.
If you boot off any snapshot @/ on the / partition, but the kernel/initramfs (in the /boot partition) no longer match the kernel modules in the snapshot @/. You need to chroot into your system via Live ISO to reinstall the version of the kernel that matches your kernel modules.
More flexible than Swap partition, you can change size of swapfile and config.
It needs to run on the filesystem, maybe less stable than Swap partition.