1.2 KiB
1.2 KiB
Wipe and create LUKS
The keyword being wipe because encryption over a preused partition does not prevent old data from leaking. Kindof scary though to fully wipe your data knowing fully well some subsequent step might ruin most of your baclup. "But I'm too much of a man for external backups...."
- Use fdisk to remove old partitions.
- Create unecrypted boot on
/dev/nvmen1p5. (Usemkfs.ext4) - Create empty partition on remaining space (
linux filesystemin fdisk). - Mount with
cryptsetup open --type plain -d /dev/urandom /dev/... to-be-wiped dd if=/dev/zero of=/dev/mapper/to-be-wiped bs=1Mcryptsetup close to-be-wipedcryptsetup luksFormat /dev/nvme...(creates luks with a bunch of useful defaults) prompts for passphrase (generate a strong one!)- Now
cryptsetup open /dev/nvme...system which creates/dev/mapper/system - Finally
mount --mkdir /dev/mapper/system /mnt/systemThe final mount will have to be reflected in the fstab and the previous step executed in the initramfs already.
Create btrfs + subvolumes
mkfs.btrfs /mnt/sys
I then create 2 subvolumes
btfs subvolume create @/ and btrfs subvolume create @rhome