Manjaro BTRFS installation on a drive and encrypting it

Support
1

I have a hard disk with the following paritions

  1. Boot Efi
  2. Swap
  3. Root
  4. Home
    When installing I am using BTRFS instead of ext4 - I did select encrypt the partition with passwords. But post installation the system doesn’t stop to ask password for decryption the partition and takes me straight to the log in screen.
    Is encrypting partition possible ? and is it possible with BTRFS or should I stay with ext4 ?

I tried installing twice and both the times it didn’t work.

2

I know so far, the short answer: Yes

The installation is something wrong.

Check /etc/fstab and /etc/crypttab

4 
cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=C37A-B8C1                            /boot/efi      vfat    umask=0077 0 2
UUID=9b64d87d-8ad9-42fa-a59f-d4eb33070944 /              btrfs   subvol=/@,defaults 0 0
UUID=9b64d87d-8ad9-42fa-a59f-d4eb33070944 /var/cache     btrfs   subvol=/@cache,defaults 0 0
UUID=9b64d87d-8ad9-42fa-a59f-d4eb33070944 /var/log       btrfs   subvol=/@log,defaults 0 0
UUID=3f62b76c-b852-4ba2-9fa5-e1d0b38cf631 /home          btrfs   defaults   0 0


cat /etc/crypttab
# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: You need not list your root (/) partition here, but it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>

I guess there was no encryption at all.

5

Yes, no encryption after accidental installation.

Which Manjaro ISO did you download, I will test it in VM.

6

I am using the KDE - Manjaro Team - Plasma Desktop Full.
I have partitioned my hard disk into the following
/dev/sda1 - for boot/efi
/dev/sda2 - Swap
/dev/sda3 - Root
/dev/sda4 - Home

I think this is an issue with Calameres - because I tried the same set up with Garuda which uses Calameres - encryption doesnt happen when you choose manual partition and assign the mount points.

Encryption only happen when you replace a partition, erase and install but in that case the default file type is ext4 - one cannot choose btrfs. Is this understanding correct ?

7

My laptop uses Btrfs on LUKS encryption on my custom partition, that works without any issue.

No matter what file system, it’s on LUKS encryption on partition.

Calameres installer might have a bug, I’ll test it in VM.

Did you check the checksum of Manjaro ISO - Plasma Full ?

SHA1: d9146437e83ce85f8987cdcd724017dfca9f073c
ISO: manjaro-kde-21.3.7-220816-linux515.iso

Edit://

I think you got confused by two similar options of encryption in Calameres installer:

The first option “Encrypt system”:

Screenshot_20220925_111915
Screenshot_20220925_111915847×585 36.6 KB

But it is wrong.

The second option “Encrypt” should be right here:
You create a Btrfs partition and tick the option “Encrypt”

Screenshot_20220925_111844
Screenshot_20220925_111844813×450 30.2 KB

8

I installed these same partitions as in your description:

I encrypted only two Root and Home partitions, that works fine after installation:

$ cat /etc/fstab  
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a device; this may
# be used with UUID= as a more robust way to name devices that works even if
# disks are added and removed. See fstab(5).
#
# <file system>             <mount point>  <type>  <options>  <dump>  <pass>
UUID=1C8A-8C43                            /boot/efi      vfat    umask=0077 0 2
/dev/mapper/luks-04608295-8148-46c1-bc20-0b6e1c23d940 /              btrfs   subvol=/@,defaults 0 0
/dev/mapper/luks-04608295-8148-46c1-bc20-0b6e1c23d940 /var/cache     btrfs   subvol=/@cache,defaults 0 0
/dev/mapper/luks-04608295-8148-46c1-bc20-0b6e1c23d940 /var/log       btrfs   subvol=/@log,defaults 0 0
/dev/mapper/luks-d66ce842-2f5e-499a-8518-a73cd00b246b /home          btrfs   defaults   0 0
UUID=8b7d5deb-0d61-4fcb-a67b-169b9c467b72 swap           swap    defaults,noatime 0 0


$ sudo cat /etc/crypttab 
# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: You need not list your root (/) partition here, but it must be set up
#       beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
#       to encrypted swap, which should be set up with mkinitcpio-openswap
#       for resume support.
#
# <name>               <device>                         <password> <options>
luks-04608295-8148-46c1-bc20-0b6e1c23d940 UUID=04608295-8148-46c1-bc20-0b6e1c23d940     /crypto_keyfile.bin luks
luks-d66ce842-2f5e-499a-8518-a73cd00b246b UUID=d66ce842-2f5e-499a-8518-a73cd00b246b     /crypto_keyfile.bin luks
9

I too tried what you suggested but then I didn’t get the Encrypt option - are you creating the partition while installing ? Or did you create it prior to installation ?

10

I created the partition with the option “Encrypt” in the “manual partitioning” page before installing

1 Like
11

This worked for me - thank you so much for this.

12

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.