[root tip] [How To] Use Calamares to install encrypted root using unencrypted boot

Unencrypted boot and encrypted root with Calamares

If you have concerns about using an unencrypted boot you are not in the target audience and you would likely be using qubes-os and full disk encryption

There is pro’s and con’s to this approach so please respect that this topic is not intended for discussions of such considerations.

This topic is for those who are not worried about abusive government and their agencies but still caring enough of their privacy to encrypt their data without sacrificing their system boot time.

Calamares EFI system encryption guide

Ensure your system is using EFI mode by entering your system firmware and disable Legacy or Ccmpatibility mode.

Boot the live ISO and start the Calamares installer.

In the installer - move along with the installer until you reach the Partitions section

Partitions section.

  1. Choose Manual partitioning option
  2. Do Not tick the Encrypt system box
  3. Click > Next button
Screenshot

image

  1. Click the New Parition Table button
  2. The GPT partition scheme should be preselected
    (if it’s not something’s not right - cancel and fix it)
  3. Click the OK button
Screenshot

image

Select the Free space and click the Create button

  1. Size → 512M
  2. File system → fat32
  3. Mount Point → /boot/efi
  4. FS Label → efi system
  5. Flags → boot
  6. Click the OK button
Screenshot

image

Select the Free space and click the Create button

  1. Size → 1024M
  2. File system → ext4
  3. Mount Point → /boot
  4. FS Label → linux boot
  5. Flags → No flags
  6. Click the OK button
Screenshot

image

Select the Free space and click the Create button

  1. Size → remaining
  2. File system → ext4
  3. Tick Encrypt
  4. Fill in encryption phrase
  5. Confirm encryption phrase
  6. Mount Point → /
  7. FS Label → linux root
  8. Flags → root
  9. Click the OK button
Summary

image

When you continue the remainder of the installation you will be notified by the installer, the installation is considered unsafe. You already know that - so acknowledge the warning and continue.

image

:information_source: After you finalize your installation and reboot - consider creating a swapfile following the instructions on the wiki page at Swap - Manjaro

:information_source: Hibernate functionality is not initially setup using this kind of installation. It is likely possible to setup but beyond the scope of this guide.

5 Likes

Hey @linux-aarhus this is great – I actually planned to do it as well, especially with the screenshots as they are really helpful. So thanks for beating me to it :wink: :+1:

(replying here, as topics are already closed after two [sic!] days (WHY? people have work, life, …) and I cannot reply in my original thread anymore :confused:)

hopefully this is a little help: this (supposedly) solves:

Great guide thanks a lot.
Worked perfectly!