How to install OMLx with encrypted / and /home

This has been tested in VirtualBox; hardware testing is to come soon. However, this should work on hardware.

This How To assumes the user is using EFI/UEFI boot. If you are using Legacy boot, you should be able to adapt it accordingly.

This works (this is all done with Calamares installer):

Partitioning in Calamares:

Installed ROME system:

For this test we use Manual Partitioning creating:

  1. First select “New Partition Table” and select the 2nd option GUID Partition Table (GPT).
  2. 100MB fat32 /boot/efi with boot flag enabled, not encrypted (Mandatory)
  3. 1024MB ext4 /boot not encrypted (Mandatory)
  4. 20480MB ext4 / encryption enabled
  5. Rest of disk space ext4 /home encryption enabled

We used separate keys or passwords for / and /home, and another password for user/admin. So three passwords are needed to get into this system, and both / and /home are encrypted. You may do this differently, for example by using the same password for all, but for security this way is better.

This was tried with xfs and that did not work. Why? Because on hardware multi-boot in OMLx ext4 and xfs work where btrfs and f2fs do not play nice. This encryption setup probably will work with btrfs also, but we leave that for other users to test as well as f2fs.

Note-1: If you use smaller than 300MB for /boot/efi, Calamares will issue a warning. Ignore this. Or, if you wish, edit /etc/calamares/modules/partition.conf to what you want. You probably should not go below 100MB, but 100MB is more than enough for this. Or just use 300MB. Your choice.

Note-2: We used 1024MB or 1GB for the /boot partition to ensure that the user has enough space in boot for 3 or more kernels. By default, OMLx when installing a new kernel will also keep the 2 most recent kernel versions if the system is old enough to have multiple kernels installed.

Note-3: Using an unencrypted /boot and encrypted / will issue a different warning. Ignore this. There is probably a way to disable that warning, but that was not investigated. Seems like kind of a stupid warning, as this won't work otherwise. Plus, as far as security goes, one would still need to enter the LUKS key password to boot the system (in this example, 2 LUKS key passwords).
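
To confirm after the first boot that the installer produced the layout described above, the following check reads lsblk output and verifies that / and /home are on LUKS mappings while /boot and /boot/efi are plain partitions. It is an added example, not part of the original how-to or of OMLx; the function names and the sample data are made up for illustration, and it assumes ext4 sits directly on each LUKS mapping (no LVM in between).

```shell
#!/bin/sh
# Added example: confirm after first boot that the layout from this how-to
# is in place. Input format is the output of: lsblk -rno TYPE,MOUNTPOINT

# Print the lsblk TYPE of the device mounted at $2, given lsblk output in $1.
mount_type() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $1; exit }'
}

# expect_type LSBLK_OUTPUT MOUNTPOINT WANTED_TYPE -> 0 if it matches, else 1
expect_type() {
    t=$(mount_type "$1" "$2")
    if [ "$t" = "$3" ]; then
        echo "OK   $2 is on a '$3' device"
    else
        echo "FAIL $2 is on '${t:-nothing (not mounted)}', expected '$3'"
        return 1
    fi
}

# check_layout LSBLK_OUTPUT
# / and /home must sit directly on dm-crypt (LUKS) mappings, lsblk type
# "crypt"; /boot and /boot/efi must be plain partitions, lsblk type "part".
check_layout() {
    rc=0
    expect_type "$1" /         crypt || rc=1
    expect_type "$1" /home     crypt || rc=1
    expect_type "$1" /boot     part  || rc=1
    expect_type "$1" /boot/efi part  || rc=1
    return "$rc"
}

# Constructed sample: one disk, two plain partitions, two LUKS containers
# (partitions with no mount point) each holding one opened mapping.
SAMPLE='disk
part /boot/efi
part /boot
part
crypt /
part
crypt /home'

# "live" checks the running system; anything else checks the sample.
if [ "${1:-}" = live ]; then
    check_layout "$(lsblk -rno TYPE,MOUNTPOINT)"
else
    check_layout "$SAMPLE"
fi
```

Run it with the argument live on the installed system; a FAIL line for / or /home means that mount point is not on an opened LUKS mapping.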

As always, if users have any questions or problems, post in the English Support Forum with a descriptive title and all (all means all) of the terminal output copied and pasted in a .txt file, or contact OM devs at OpenMandriva Chat. You can add .txt files in OpenMandriva Chat also. Please include any other relevant information you are aware of, and please do not make the mistake of posting only what you believe someone else needs to know to solve the issue. One cannot know what another person needs to know when dealing with technical matters.