Skip to main content

Partitioning (LUKS)

LVM on LUKS

LVM on LUKS has the benefit of being able to encrypt an entire drive (useful for laptops with encrypted swap for resume). The LVM container cannot, however, span multiple disks.

NOTE: This partitioning scheme does NOT include an LVM cache device. However, it is technically possible to add a cache device to it.

This guide assumes the following:

    This is used on a laptop computer There is only one drive: /dev/nvme0n1 To tighten security, this setup assumes a unified kernel image and booting via EFISTUB

    Preparing the drive

    1. List available disks

      with 
      fdisk -l

    Start partitionaing tool for primary disk (cfdisk is a little easier to determineuse as it has a nice TUI)

    WARNING: Make sure to select your drive

    actually Partitiondesired thedevice! drive with 
    cfdisk /dev/nvme0n1
    (assuming /dev/nvme0n1 is your disk)

    Partition with the following scheme

    FS Type Size Mount Point Comment
    vfat 1G /bootefi EFI System
    LUKS (remaining) Linux file system

    Creating the LUKS container

      Create the LUKS container:container and enter a passphrase

      WARNING: Do NOT forget your passphrase! In case of loss you won't be able to access the data inside the container anymore!

      cryptsetup luksFormat /dev/nvme0n1p2
      Enter a passphrase for the LUKS container (don't forget it!!)

      Open the newly created LUKS container

      (using

      NOTE: cryptlvm is used as an example mapperhere. name, chooseUse whatever you want):like.

      # Open the container with the name `cryptlvm`
cryptsetup open /dev/nvme0n1p2 cryptlvm

      Creating LVM inside the LUKS container

        Create an LVM physical volume inside LUKS container:container

        pvcreate /dev/mapper/cryptlvm

        Create the volume group:

        vgcreate vg0 /dev/mapper/cryptlvm

        Create the logical volumes

        (when

        NOTE: When using resume, make lv_swap as large as RAM):RAM. In this example the machine has 16 GB of RAM.

        lvcreate -L 16G -n lv_swap vg0       # Swap as big as RAM (16 GB)
lvcreate -l 100%FREE -n lv_root vg0  # Root file system

        Formatting devices

        1. Create partitions
          mkfs.fat -F 32 /dev/nvme0n1p1        # EFI System Partition
mkfs.btrfs /dev/mapper/vg0-lv_root   # Btrfs root volume
mkswap /dev/mapper/vg0-lv_swap       # Swap space
        2. Create Btrfs subvolumes
          # Activate swap
swapon /dev/mapper/vg0-lv_swap

# First, mount Btrfsthe root volumefile system
mount /dev/mapper/vg0-lv_root /mnt

# Create subvolumes
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@log
btrfs subvolume create /mnt/@pkg
        3. Mount partitions
          # Unmount Btrfsthe root volumefile system
umount -R /mnt

# Mount mainthe Btrfs@ subvolume
mount /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@ /mnt

# Create directories for other mount pointsmountpoints
mkdir -p /mnt/{efi,home,var/log,var/cache/pacman/pkg}home}

# Mount EFIthe Systemremaining Partitionpartitions/subvolumes
mount /dev/nvme0n1p1 /mnt/efi

# Mount remaining Btrfs subvolumes
mount /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@home /mnt/home

mount# Activate swap
swapon /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@log /mnt/var/log
mount /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@pkg /mnt/var/cache/pacman/pkglv_swap
        Back to top