Hello, some hints inside
Am 08.05.2018 um 02:22 schrieb faurepi...@gmail.com:
Hi, I'm curious about btrfs, and maybe considering it for my new laptop installation (a Lenovo T470). I was going to install my usual lvm+ext4+full disk encryption setup, but thought I should maybe give a try to btrfs. Is it possible to meet all these criteria? - operating system: debian sid - file system: btrfs - disk encryption (or at least of sensitives partitions) - hibernation feature (which implies a swap partition or file, and I've read btrfs is not a big fan of the latter)
A swap partition is not possible inside or with btrfs alone.You can choose btrfs filesystem out of the box in debian install, but that would mean full-disk-encryption with lvm and btrfs. The extra layer lvm doesn't hurt, but you have two layers with many functions double, e.g. snapshotting, resize.
If yes, how would you suggest me to achieve it?
Yes, there is a solution, and it works for me now several years.You need to build three partitions, e.g. named boot, swap, root. The sizes choose to your need. the boot partition remains unencrypted, but the other two partitions are encrypted with cryptsetup (luks) separately. Normally there are two passphrases to type in (and to remember), but there is an option in the cryptsetup scripts (/lib/cryptsetup/scripts) decrypt_derived, which could take the key from the root partition to decrypt the swap partition also. The filesystems then on the partitions are boot with ext(2,3,4), swap with swap and root with btrfs. This configuration is not reachable with a standard debian installation. Debian always choose lvm if you want full encryption. You have to do the first steps manually: make partitions, cryptsetup(luks) for the partitions swap and root, and open the encrypted partitions manually. After that you can install your OS. The manual steps you have to make from a working distro, e.g. live system (disk or stick) with a recent kernel and recent btrfs-progs (debian sid is ok for this). After the install of the OS you have to made the changes for a successful (re)boot manually. Please read the advices you can find in the net. There are some nice articles.
Thanks for your kind help.
-- Mit freundlichen Grüßen (kind regards) Rolf Wald LUG-Balista Hamburg e.V., Germany c/o Bürgerhaus Barmbek Lorichsstr. 28a 22307 Hamburg http://www.lug-hamburg.de No HTML please S/MIME signed email preferred, encryption wanted
smime.p7s
Description: S/MIME Cryptographic Signature
