Install Linux Mint 20.3 with custom partition layout
If I'm installing Linux Mint on a computer with >256GB of storage, I like to create a separate (encrypted) partition to hold the contents of my home directory from the partition (also encrypted) that contains the operating system. It makes it easier if I decide in the future to re-install Linux without overwriting user files.
I use a four partition layout (for UEFI-boot systems):
- 1 -
EFISystem Partition - 2 -
bootpartition - 3 - encrypted
rootpartition - 4 - encrypted partition + Logical Volume Manager (LVM) with
homeLogical Volume (LV)
This is how I do it ...
1. Create partitions 1, 2, 3 during install
Run the Mint Installer.
For Installation type, select Something else to create a custom layout.
Using the graphical partition tool, I create:
- Partition 1 - 300MiB - EFI System Partition
- Partition 2 - 1000MiB - unencrypted - mounted as
/boot - Partition 3 - 30000MiB - Linux Unified Key Setup (LUKS) encrypted - with:
- /dev/mapper/DEVICE_crypt - mounted as
/
- /dev/mapper/DEVICE_crypt - mounted as
Commit the changes, and continue with the install.
When Installer is finished, select Continue testing.
2. Create partition 4 after install
Open a terminal. Switch to root with sudo -i.
Identify disks with lsblk -f.
Set disk to be partitioned (example: sdX) ...
export disk="/dev/sdX"
Create a new LUKS encrypted partition that uses all of the remaining storage ...
sgdisk -n 0:0:0 -t 0:8309 -c 0:luks $disk
Print and re-read the new partition table ...
sgdisk -p $disk
partprobe $disk
3. Encrypt partition
Encrypt the new partition ...
cryptsetup --type luks2 -y -v luksFormat ${disk}4
Note: If the same password used to encrypt the earlier root partition is used again for partition #4, it will be automatically unlocked after root is manually unlocked during bootup. Courtesy of systemd-ask-password, which comes with a cache functionality. It will cache the password, and try it on the next LUKS partition. See Why is my LUKS partition mounted without asking for more details.
4. LUKS + LVM
I use this encrypted storage along with LVM to create a “virtual partition” (Logical Volumes or LV) for the home filesystem. Installing LVM on top of LUKS allows the creation of multiple LVs protected by a single passphrase, and dynamic resizing of LVs as needed.
Open partition #4 mapped to cryptdev ...
cryptsetup open ${disk}4 cryptdev
Create the LVM physical volume...
pvcreate /dev/mapper/cryptdev
Create the LVM vg volume group ...
vgcreate vg /dev/mapper/cryptdev
5. Prepare home
Create an LV container for home and assign storage (example: +90% of free space) ...
lvcreate -l +90%FREE vg -n home
View modifications with lvdisplay.
Format the LV ...
mkfs.ext4 /dev/vg/home
Move the contents of /home on the root partition to the new home LV ...
mount /dev/vg/home /mnt
mv /target/home/* /mnt
6. Fstab
Create an entry for /home in /target/etc/fstab ...
/dev/mapper/vg-home /home ext4 defaults 0 2
7. Crypttab
Obtain the UUID of the LUKS + LVM partition and append to /target/etc/crypttab ...
cryptsetup luksUUID ${disk}4 >> /target/etc/crypttab
Open the file in an editor - nano /target/etc/crypttab - and edit that appended line to create an entry for cryptdev ...
cryptdev UUID=<uuid-of-luks+lvm-partition> none luks,discard
8. Finish up
Unmount home ...
umount /mnt
Deactivate volume group ...
lvchange -an vg
Remove the encrypted device map ...
cryptsetup close /dev/mapper/cryptdev
Reboot.
A prompt appears to enter the password for the first LUKS partition (root). If the same password was used for the second LUKS + LVM partition, it will be auto-mounted and the system will continue booting to the login screen.
Good stuff!
See also: Customize LVM on LUKS after installing Linux Mint for an alternate method.
» Next: Generate a list of installed Fedora packages on one device (and install on another)
« Previous: Zram swap on Arch Linux