2

I'm installing Debian, as I've done a million times, except this time I'm trying with full-disk encryption from the installation itself and partitioning manually, because I'm replacing an existing Linux partition (different distro) on a disk with all sorts of mystical partitions that I don't want to mess with. At any rate, I just need one partition for this installation, whose previous Linux distro I'm replacing with Debian.

However, I seem only able to set the target partition (/dev/nvme0n1p5) as the root partition (/) before I configure its encryption, but then finding myself unable to set it as the root partition once encryption is set up. Therefore, I cannot finish partitioning, because the installer won't let me move on without defining a root partition.

So it's a bit of a catch-22. Configuring the encryption removes the root partition setting, but I can't set an encrypted partition as the root partition.

Not sure if I'm missing something or if this is just some sort of bug in the installer.

Teekin
  • 181
  • 1
  • 1
  • 7

2 Answers2

1

I finally figured it out and will leave the solution here in case others have the same problem.

The problem was that the installer expects encryption to be used with the Logical Volume Manager. So I created an LVM group on the partition I was trying to install to (/dev/nvme0n1p5). It then turned out that I actually needed two, one for boot (/boot) and one for root (/). I created a logical volume of 100 MiB for the boot partition, and used the rest for the root partition. (Important: A comment below suggests that 100 MiB for the boot partition is way too low. I've seen some on the internet recommend anything from 300-1000 GiB.)

I was then able to specify those partitions' mount points after having done the LVM stuff and setting encryption on the root partition (the boot partition remains unencrypted), and was then able to proceed with the installation.

Teekin
  • 181
  • 1
  • 1
  • 7
  • 1
    `/boot` should not be an LVM, just a standard partition, and 100 MiB is far too small. Your system will break when the first kernel update comes in. Start over and make it at least 1 GiB. – Michael Hampton Jan 04 '21 at 17:53
  • Thanks for the note. I have seen people suggest 300 MiB since this was written. I'll take my chances this time, because re-installing is almost trivial for me if this ever becomes a problem. I've added your concerns to the response, though, so thanks again. – Teekin Jan 09 '21 at 18:09
0

The encrypted installation of Debian is well documented in this previous post

Be sure to check also this comment for a complete overview

roneo.org
  • 101