In this article, I explain how to install openSUSE 13.2 with full disk encryption.
My configuration
/dev/sda1 512MB ext2 mounted on /boot /dev/sda2 [remaining space] LUKS container (named "cryptroot") LVM (named "lvmroot") rootvol 15GB BTRFS mounted on / var homevol [remaining space] BTRFS mounted on /home
I do not use swap, but a swap partition could be easily created as a LVM volume.
Prepare the bootable images
We need Gparted live on a CD and openSUSE on a DVD.
Step 1: Partition with Gparted live
Boot on the Gparted live CD.
Using Gparted, make the partitions /dev/sda1 (512 Mb) and /dev/sda2 (remaining space).
Open a terminal, then create the LUKS container (and give the passphrase):
sudo cryptsetup luksFormat /dev/sda2 sudo cryptsetup luksOpen /dev/sda2 cryptroot
Then, create the LVM container on the LUKS container:
sudo pvcreate /dev/mapper/cryptroot sudo vgcreate lvmroot /dev/mapper/cryptroot
Finally, create the volumes in the LVM container:
sudo lvcreate -L 15G lvmroot -n rootvol sudo lvcreate -l +100%FREE lvmroot -n homevol
We didn’t format the volumes here. It will be done during the installation of openSUSE.
Step 2: Install openSUSE
Boot on the openSUSE DVD.
The installation process automatically detects the LUKS container and proposes to enter the passphrase.
On the “Partition” step, the suggested configuration is to remove the LUKS container and create a fresh partition. This is not our case. So, click on Create the partitions configuration → Custom partitioning (expert):
- The partition
/dev/sda1: format asext2, mount at startup as/boot. - The volumes
rootvolandhomevol: format asBTRFS, mount at startup as/and/home. For my SSD, I use the following mount options:noatime,ssd,autodefrag,compress=lzo,discard,space_cache. In the volumerootvol, I replaced all the default subvolumes by a single subvolumevar.