openSUSE 13.2, BTRFS and LUKS

In this article, I explain how to install openSUSE 13.2 with full disk encryption.

My configuration

/dev/sda1 512MB ext2 mounted on /boot
/dev/sda2 [remaining space] LUKS container (named "cryptroot")
	LVM (named "lvmroot")
		rootvol	15GB BTRFS mounted on /
			var
		homevol	[remaining space] BTRFS mounted on /home

I do not use swap, but a swap partition could be easily created as a LVM volume.

Prepare the bootable images

We need Gparted live on a CD and openSUSE on a DVD.

Step 1: Partition with Gparted live

Boot on the Gparted live CD.

Using Gparted, make the partitions /dev/sda1 (512 Mb) and /dev/sda2 (remaining space).

Open a terminal, then create the LUKS container (and give the passphrase):

sudo cryptsetup luksFormat /dev/sda2
sudo cryptsetup luksOpen /dev/sda2 cryptroot

Then, create the LVM container on the LUKS container:

sudo pvcreate /dev/mapper/cryptroot
sudo vgcreate lvmroot /dev/mapper/cryptroot

Finally, create the volumes in the LVM container:

sudo lvcreate -L 15G lvmroot -n rootvol
sudo lvcreate -l +100%FREE lvmroot -n homevol

We didn’t format the volumes here. It will be done during the installation of openSUSE.

Step 2: Install openSUSE

Boot on the openSUSE DVD.

The installation process automatically detects the LUKS container and proposes to enter the passphrase.

On the “Partition” step, the suggested configuration is to remove the LUKS container and create a fresh partition. This is not our case. So, click on Create the partitions configuration → Custom partitioning (expert):

  • The partition /dev/sda1: format as ext2, mount at startup as /boot.
  • The volumes rootvol and homevol: format as BTRFS, mount at startup as / and /home. For my SSD, I use the following mount options: noatime,ssd,autodefrag,compress=lzo,discard,space_cache. In the volume rootvol, I replaced all the default subvolumes by a single subvolume var.

Leave a Reply

Your email address will not be published. Required fields are marked *

Mesure anti-spam. Merci de copier le code « dEjiNm » dans le champ ci-dessous :