I don’t use LUKS directly but sometime LVM+LUKS. The fastest way is to create the LUKS volume and partitions before to start the installations and do not format them directly from Calamares.
I’ll give that a try. What I actually think I want to do is encrypt a Data partition on a multi-boot computer. I have been mounting this partition in my current 4 OMLx systems (Rock, Rome P5&6, Cooker). But I would also like to know how to make this work for encrypting root or / and /home for users benenfit.
Also wondering if one can use LUKS or LVM+LUKS in multi-boot situation.
I suppose so, even if I never tried in a multiboot environment.
If you would like encrypt / partition and you would like to unlock LUKS2 partition automatically from grub you should use some tricks but finally it works (I tested in with ROME some months ago).
LUKS+LVM is useful if you would like to encrypt the whole disk with just one key and keep /, /home and swap partition independent. Calamares has an heuristic behavior with LVM (basically it could support it, but it does not), at least with OM because it release all LVM vlume groups after the partition selection window but does not re-activate them before to start the copy of the files (in fact it installs the system in a tempopary direcory and it fails with a stange error). The workaund is to run the vgchange -ay command manually from a terminal just before Calamares starts the installation. Usually after some try I succeed to do it at the right moment.
For this test I used Manual Partitioning. Created:
300MB fat32 /boot/efi with boot flag enabled, not encrypted
2GB ext4 /boot not encrypted
For the remaining disk space selected to use ext4 for / in that window checked the box to encrypt that partition.
So only / is encrypted. More testing to do. Need to determine if unencrypted /boot is necessary or if one could just create unencrypted /boot/efi and encrypted /. Then need to determine if one can use separate / and /home both encrypted.
There may be other ways to do this but I have something I believe will Work_For_Me. And this should also work for other users as well.
Edit: This so far has been done in VirtualBox. I do not really see the need to have encryption in VBox. So for me personally the next goal is to see if this works on my laptop in a multi-boot scenario.