
[solved] LUKS encrypted System with UEFI: How to partition?

Hi there, I have worked with Gentoo since 2004, but now I want to try this distribution. I want to encrypt the hard disk with a password (NO key file), because if I lose the notebook, no one can use my personal data. It's a Lenovo ThinkPad T520 and I want to use UEFI. So I found a few tutorials on how to do this; my favourite is this one:
https://wiki.artixlinux.org/Main/InstallationWithFullDiskEncryption
But that's without UEFI. So I read the one that is linked in the tutorial:
https://www.rohlix.eu/post/artix-linux-full-disk-encryption-with-uefi/
But the partitioning seems weird to me. So I am not getting it; maybe someone can give me a hint. I think (and I could be wrong!) I should do something like this:
partition 1: /boot, fat, 4096MiB (for more than one kernel and tools) and for grub2
partition 2: /boot/EFI, VFAT (how big?)
partition 3: the LVM stuff
Or do I have to swap partitions 1 and 2? In some tutorials there is only an EFI partition, but mounted at /boot/EFI, so the kernel is in /boot and that will be encrypted? I know I'm asking stupid questions, but I didn't get the point.


Re: LUKS encrypted System with UEFI: How to partition?

Reply #2
The first one didn't explain the partitions. The second link is the SAME one I've posted.

Re: LUKS encrypted System with UEFI: How to partition?

Reply #3
The first one didn't explain the partitions. The second link is the SAME one I've posted.
Sorry, I did not read the links, because I have no experience with a LUKS encrypted system with UEFI ... I use neither LUKS nor UEFI.

 

Re: LUKS encrypted System with UEFI: How to partition?

Reply #4
Okay, I have searched a lot and there is a LOT of wrong information about that. I have enabled "UEFI only" in my BIOS. That's why I need to do:
parted -s /dev/sdX mklabel gpt
parted -s -a optimal /dev/sdX mkpart "primary" "fat16" "0%" "512MiB"
parted -s /dev/sdX set 1 esp on
mkfs.fat -n ESP /dev/sdX1

The OLD BIOS starts the first sectors of an HDD, also called the MBR. The MBR (Master Boot Record) only has 512 bytes, so GRUB only stores the "stage 1" part there, and it linked to a small partition (earlier known as the /boot partition), where the rest of GRUB was saved. The old GRUB only knows a few small file systems, so you have to create the /boot partition, because some people use another file system like ext4 or ReiserFS or have too big hard drives (partitions), so GRUB couldn't start.

NOW (...I am old and...) we have UEFI, the (unofficial!) successor to BIOS. It doesn't use an MBR; now it's a GPT (GUID Partition Table), which can handle (very) big hard drives and more than 4 primary partitions. Now there is an ESP (EFI System Partition), where information about bootloaders and operating systems is stored. So GRUB (now: GRUB2) has more space and can support BIG hard drives and a lot of file systems: that's the reason we don't need the /boot partition anymore.

AND: If I have understood this topic correctly, GRUB2 can decode the LUKS & cryptsetup stuff. So I don't need the /boot partition either. I am sorry for my bad English, but I want to explain that, so the next user who is confused like me and searching for the topic will find correct information. I have found a great site with information, but it's only available in German:
https://www.happycoders.eu/de/devops/manjaro-tutorial-linux-bios-uefi-mbr-gpt-grub-sed-luks/
The author explains the differences very well ... even though he is a Java software developer ... (Sorry  ;) )
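
A way to check a layout like the one discussed in Reply #4, as an added example that is not part of the original thread: this Python code parses a raw disk image, confirms it is GPT-labelled with a partition of the EFI System Partition type, and reports which partitions begin with a LUKS header. The function names, the partition names and the sample image are constructed for illustration, and 512-byte sectors are assumed.

```python
import struct, uuid

SECTOR = 512  # assumption: 512-byte logical sectors
ESP_TYPE = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")  # EFI System Partition
LUKS_MAGIC = b"LUKS\xba\xbe"  # followed by a big-endian 16-bit version

def read_gpt(disk: bytes):
    """Return [(type_guid, first_lba, last_lba, name)] from a raw GPT disk image."""
    # LBA 0: protective MBR (type 0xEE, boot signature); LBA 1: GPT header.
    if disk[510:512] != b"\x55\xaa" or disk[450] != 0xEE or disk[512:520] != b"EFI PART":
        raise ValueError("not a GPT-labelled disk")
    entries_lba, count, size = struct.unpack_from("<QII", disk, SECTOR + 72)
    parts = []
    for i in range(count):
        off = entries_lba * SECTOR + i * size
        e = disk[off:off + size]
        type_guid = uuid.UUID(bytes_le=e[:16])
        if type_guid.int:  # an all-zero type GUID marks an unused slot
            first, last = struct.unpack_from("<QQ", e, 32)
            parts.append((type_guid, first, last, e[56:128].decode("utf-16-le").rstrip("\0")))
    return parts

def audit_layout(disk: bytes):
    """Classify each partition as 'esp', 'luks<version>' or 'other'."""
    report = []
    for type_guid, first, _last, name in read_gpt(disk):
        start = disk[first * SECTOR:first * SECTOR + 8]
        if type_guid == ESP_TYPE:
            kind = "esp"
        elif start[:6] == LUKS_MAGIC:
            kind = "luks%d" % struct.unpack(">H", start[6:8])[0]
        else:
            kind = "other"
        report.append((name, kind))
    return report

def build_sample_disk():
    """Constructed 64-sector image: ESP at LBA 34, LUKS2 header at LBA 40."""
    disk = bytearray(64 * SECTOR)
    disk[450], disk[510:512] = 0xEE, b"\x55\xaa"
    disk[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<QII", disk, SECTOR + 72, 2, 4, 128)  # entries at LBA 2, 4 slots
    def entry(i, guid, first, last, name):
        struct.pack_into("<16s16sQQQ72s", disk, 2 * SECTOR + i * 128, guid.bytes_le,
                         bytes(16), first, last, 0, name.encode("utf-16-le"))
    entry(0, ESP_TYPE, 34, 39, "ESP")
    entry(1, uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4"), 40, 63, "cryptlvm")
    disk[40 * SECTOR:40 * SECTOR + 8] = LUKS_MAGIC + b"\x00\x02"
    return bytes(disk)
```

Any partition reported as "other" holds data outside the LUKS container; the ESP itself is always unencrypted.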