Full Disk Encryption after install with different /home partition

Hello Garuda users,

I want to implement FDE after I have already installed the OS (dual-boot, btw), and furthermore I should note that I have a different partition for the home folder.
Are there any suggestions or "solutions" and/or best practices that I should follow?

Thank you in advance.

System:
  Kernel: 6.0.1-zen2-1-zen arch: x86_64 bits: 64 compiler: gcc v: 12.2.0
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
    root=UUID=96710caf-ba24-431c-89d9-d038e1bc8611 rw rootflags=subvol=@
    quiet quiet splash rd.udev.log_priority=3 vt.global_cursor_default=0
    resume=UUID=450b983d-e2c4-45c3-97d0-5076354fdb75 loglevel=3 ibt=off
  Desktop: i3 v: 4.21 info: i3bar vt: 7 dm: LightDM v: 1.32.0
    Distro: Garuda Linux base: Arch Linux
Machine:
  Type: Laptop System: Dell product: Dell G15 5520 v: N/A
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: Dell model: 0N2RP0 v: A01 serial: <superuser required> UEFI: Dell
    v: 1.10.0 date: 07/07/2022
Battery:
  ID-1: BAT0 charge: 15.0 Wh (28.8%) condition: 52.0/54.9 Wh (94.8%)
    volts: 10.8 min: 11.4 model: BYD DELL DVG8M23 type: Li-poly
    serial: <filter> status: discharging
CPU:
  Info: model: 12th Gen Intel Core i7-12700H bits: 64 type: MST AMCP
    arch: Alder Lake gen: core 12 level: v3 note: check built: 2021+
    process: Intel 7 (10nm ESF) family: 6 model-id: 0x9A (154) stepping: 3
    microcode: 0x421
  Topology: cpus: 1x cores: 14 mt: 6 tpc: 2 st: 8 threads: 20 smt: enabled
    cache: L1: 1.2 MiB desc: d-8x32 KiB, 6x48 KiB; i-6x32 KiB, 8x64 KiB
    L2: 11.5 MiB desc: 6x1.2 MiB, 2x2 MiB L3: 24 MiB desc: 1x24 MiB
  Speed (MHz): avg: 2060 high: 2700 min/max: 400/4679:4700:3500 scaling:
    driver: intel_pstate governor: powersave cores: 1: 500 2: 2700 3: 400
    4: 2700 5: 2700 6: 2700 7: 2700 8: 2700 9: 2700 10: 2700 11: 747 12: 2700
    13: 400 14: 631 15: 2700 16: 2700 17: 2700 18: 2700 19: 729 20: 2700
    bogomips: 107520
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities:
  Type: itlb_multihit status: Not affected
  Type: l1tf status: Not affected
  Type: mds status: Not affected
  Type: meltdown status: Not affected
  Type: mmio_stale_data status: Not affected
  Type: retbleed status: Not affected
  Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
    prctl
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
    sanitization
  Type: spectre_v2 mitigation: Enhanced IBRS, IBPB: conditional, RSB
    filling, PBRSB-eIBRS: SW sequence
  Type: srbds status: Not affected
  Type: tsx_async_abort status: Not affected
Graphics:
  Device-1: Intel Alder Lake-P Integrated Graphics vendor: Dell driver: i915
    v: kernel arch: Gen-12.2 process: Intel 10nm built: 2021-22+ ports:
    active: eDP-1 empty: DP-1,DP-2 bus-ID: 0000:00:02.0 chip-ID: 8086:46a6
    class-ID: 0300
  Device-2: NVIDIA GA107BM [GeForce RTX 3050 Ti Mobile] vendor: Dell
    driver: nvidia v: 520.56.06 alternate: nouveau,nvidia_drm non-free: 515.xx+
    status: current (as of 2022-10) arch: Ampere code: GAxxx process: TSMC n7
    (7nm) built: 2020-22 bus-ID: 0000:01:00.0 chip-ID: 10de:25e0
    class-ID: 0300
  Device-3: Microdia Integrated_Webcam_HD type: USB driver: uvcvideo
    bus-ID: 3-5:2 chip-ID: 0c45:6738 class-ID: 0e02
  Display: x11 server: X.Org v: 21.1.4 driver: X:
    loaded: modesetting,nvidia unloaded: nouveau alternate: fbdev,intel,nv,vesa
    dri: iris gpu: i915 display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x285mm (20.00x11.22")
    s-diag: 582mm (22.93")
  Monitor-1: eDP-1 model: BOE Display 0x0a8a built: 2021 res: 1920x1080
    hz: 120 dpi: 142 gamma: 1.2 size: 344x194mm (13.54x7.64")
    diag: 395mm (15.5") ratio: 16:9 modes: 1920x1080
  Message: Unable to show GL data. Required tool glxinfo missing.
Audio:
  Device-1: Intel Alder Lake PCH-P High Definition Audio vendor: Dell
    driver: sof-audio-pci-intel-tgl
    alternate: snd_hda_intel,snd_sof_pci_intel_tgl bus-ID: 0000:00:1f.3
    chip-ID: 8086:51c8 class-ID: 0401
  Device-2: NVIDIA driver: snd_hda_intel v: kernel bus-ID: 0000:01:00.1
    chip-ID: 10de:2291 class-ID: 0403
  Sound API: ALSA v: k6.0.1-zen2-1-zen running: yes
  Sound Server-1: PulseAudio v: 16.1 running: no
  Sound Server-2: PipeWire v: 0.3.59 running: yes
Network:
  Device-1: Intel Alder Lake-P PCH CNVi WiFi driver: iwlwifi v: kernel
    bus-ID: 0000:00:14.3 chip-ID: 8086:51f0 class-ID: 0280
  IF: wlp0s20f3 state: up mac: <filter>
  Device-2: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    vendor: Dell driver: r8169 v: kernel port: 3000 bus-ID: 0000:02:00.0
    chip-ID: 10ec:8168 class-ID: 0200
  IF: enp2s0 state: down mac: <filter>
Bluetooth:
  Device-1: Intel AX201 Bluetooth type: USB driver: btusb v: 0.8
    bus-ID: 3-10:3 chip-ID: 8087:0026 class-ID: e001
  Report: bt-adapter ID: hci0 rfk-id: 0 state: up address: <filter>
RAID:
  Hardware-1: Intel Volume Management Device NVMe RAID Controller driver: vmd
    v: 0.6 port: N/A bus-ID: 0000:00:0e.0 chip-ID: 8086:467f rev:
    class-ID: 0104
Drives:
  Local Storage: total: 476.94 GiB used: 15.96 GiB (3.3%)
  SMART Message: Required tool smartctl not installed. Check --recommends
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: SK Hynix model: BC711 NVMe
    512GB size: 476.94 GiB block-size: physical: 512 B logical: 512 B
    speed: 31.6 Gb/s lanes: 4 type: SSD serial: <filter> rev: 41002131
    temp: 36.9 C scheme: GPT
Partition:
  ID-1: / raw-size: 83.01 GiB size: 83.01 GiB (100.00%) used: 12.89 GiB
    (15.5%) fs: btrfs dev: /dev/nvme0n1p8 maj-min: 259:8
  ID-2: /boot/efi raw-size: 512 MiB size: 511 MiB (99.80%) used: 612 KiB
    (0.1%) fs: vfat dev: /dev/nvme0n1p10 maj-min: 259:10
  ID-3: /home raw-size: 100.59 GiB size: 100.59 GiB (100.00%) used: 3.07
    GiB (3.0%) fs: btrfs dev: /dev/nvme0n1p9 maj-min: 259:9
  ID-4: /var/log raw-size: 83.01 GiB size: 83.01 GiB (100.00%) used: 12.89
    GiB (15.5%) fs: btrfs dev: /dev/nvme0n1p8 maj-min: 259:8
  ID-5: /var/tmp raw-size: 83.01 GiB size: 83.01 GiB (100.00%) used: 12.89
    GiB (15.5%) fs: btrfs dev: /dev/nvme0n1p8 maj-min: 259:8
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default)
  ID-1: swap-1 type: zram size: 15.31 GiB used: 0 KiB (0.0%) priority: 100
    dev: /dev/zram0
  ID-2: swap-2 type: partition size: 15.62 GiB used: 0 KiB (0.0%)
    priority: -2 dev: /dev/nvme0n1p7 maj-min: 259:7
Sensors:
  System Temperatures: cpu: 40.0 C mobo: N/A
  Fan Speeds (RPM): N/A
Info:
  Processes: 402 Uptime: 2h 59m wakeups: 4872 Memory: 15.31 GiB used: 4.07
  GiB (26.6%) Init: systemd v: 251 default: graphical tool: systemctl
  Compilers: gcc: 12.2.0 Packages: pm: pacman pkgs: 1264 libs: 317
  tools: pamac,paru Shell: Zsh v: 5.9 running-in: alacritty inxi: 3.3.22
Garuda (2.6.8-1):
  System install date:     2022-08-28
  Last full system update: 2022-10-18
  Is partially upgraded:   Yes
  Relevant software:       NetworkManager
  Windows dual boot:       Probably (Run as root to verify)
  Snapshots:               Snapper
  Failed units:
1 Like

Reinstall.

4 Likes

I don't think full disk encryption is even an option in the Calamares installer unless you opt for full wipe/reinstall.

If you want to keep booting Windows, I would not attempt to encrypt the EFI partition anyway. Better to just encrypt / and /home and call it a day.

4 Likes
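
One way to check the outcome of the advice above (encrypt / and /home, leave the EFI partition alone), as an added example that is not part of the thread: the script walks `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output and reports every mounted filesystem or active swap that does not sit on a dm-crypt mapping. The embedded JSON is constructed to mirror the poster's partition layout, the mapper names are made up, and it shows a case the replies do not cover: the disk swap partition named by `resume=` is still plaintext.

```python
import json

# Constructed sample shaped like `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`: the
# poster's layout with / and /home in LUKS. Mapper names are made up, not real output.
SAMPLE_LSBLK = """
{"blockdevices": [
 {"name": "zram0", "type": "disk", "fstype": null, "mountpoint": "[SWAP]"},
 {"name": "nvme0n1", "type": "disk", "fstype": null, "mountpoint": null, "children": [
  {"name": "nvme0n1p7", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"},
  {"name": "nvme0n1p8", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
   "children": [{"name": "luks-root", "type": "crypt", "fstype": "btrfs", "mountpoint": "/"}]},
  {"name": "nvme0n1p9", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
   "children": [{"name": "luks-home", "type": "crypt", "fstype": "btrfs", "mountpoint": "/home"}]},
  {"name": "nvme0n1p10", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"}
 ]}
]}
"""

# The firmware (and Windows) must read the EFI system partition, so it stays plaintext.
EXPECTED_PLAINTEXT = {"/boot/efi"}

def audit(lsblk_json):
    """Return [(device, mountpoint, status)] for every mounted node or active swap."""
    rows = []
    def walk(node, under_crypt):
        # A node is encrypted if it, or any ancestor, is a dm-crypt mapping.
        under_crypt = under_crypt or node.get("type") == "crypt"
        mnt = node.get("mountpoint")
        if mnt:
            if under_crypt:
                status = "encrypted"
            elif mnt in EXPECTED_PLAINTEXT or node["name"].startswith("zram"):
                status = "exempt"  # ESP, or RAM-backed zram swap
            else:
                status = "plaintext"
            rows.append((node["name"], mnt, status))
        for child in node.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return rows

def plaintext_devices(lsblk_json):
    return [name for name, _, status in audit(lsblk_json) if status == "plaintext"]

if __name__ == "__main__":
    for row in audit(SAMPLE_LSBLK):
        print("%-12s %-10s %s" % row)
```

On a live system, pass the real `lsblk` JSON to `audit()` in place of the sample.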
