- As preparation for the following tutorial on how to setup unlocking via SSH
- To document the setup for myself.
I won't go into the detail on the setup itself, but only the process of partitioning the disk.
There are many ways to encrypt your harddisk. Arch wiki covers it pretty well if your're interested. I'll describe one specific way here. The goal: encrypting "root" and "swap". However, when you setup two encrypted paritions you set up two (different) passwords. I am pretty lazy, so I want to unlock all encrypted volumes at once. This is where LVM comes in. So I just create one encrypted partition and let LVM handle the rest of the partitioning. So let's go:
Obviously you are going to set up the partitions manually, so select "Manual" on this screen.
I start with a completely empty disk. If it's not a new drive you should probably "secure erase" it first.
So first you setup a boot-partition.
This partition will contain the kernel and the initialramfs required to unlock your system. I created a 200MB partition formatted as ext4. You can adjust the size according to your needs.
Then setup a partition using up the rest of the space.
Then select "Configure encrypted volumes" and then "Create encrypted volumes". Select the disks to use for encryption accordingly:
After setting the password you'll end up with an encrypted volume (e.g. sda2_crypt).
Now select "Configure the Logical Volume Manager".
Select "Create Volume group" and give it a name. This name will be used to present your device in udev (/dev/mapper/yourlvmdisk).
Make sure you select the encrypted volume for the volume group.
Then select "Create logical volume" to create a partition inside the volume group. Setup partitions as desired. You can control your layout at the end by selecting "Display configuration Details".
I decided to setup just a root and a swap partition in this testsetup. If you want additional partitions (e.g. home) you need to create them here. When you're satisfied with your volume setup hit finish.
The volumes now appear as partitions in the partition manager and can be formatted like regular partitions.
I setup the first partition as root-partition with ext4 as filesystem.
When you're done setting up the partitions hit "Finish partitioning and write changes to disk" and then carry on with the installation as usual. When the setup is finished and the system rebooted you will be prompted the password for the volume.
Congratulations! Your system is now fully encrypted.