Install Manjaro with Full Disk Encryption and BTRFS
WIP
Just like (Arch Linux), Manjaro is an excellent Linux Distro, although not as hands on as arch linux but more setup, still a good choice in my case, other may vary.
Below is my walk-though of a form post from the Manjaro Manual Install, A to Z Arch Linux, and some of other form post to make the most for Security and Simplicity.
Difficulty: ★★★☆☆
The Setup
- UEFI Boot
- Wireless or Wired Network connection (Manjaro is a Live OS)
- GPT partition table with four partions:
- Unencryted (required) EFI Partition
- Encrypted Boot Partition (Luks1)
- Encrypted Swap Partition (Luks2) \ Optional, can use swapfile
- Encrypted System Partition (Luks2)
- BTRFS as root filesystem with multiple subvolumes
- Unlock system at boot with single passphrase
- GRUB as bootloader
1. Install
1.1 Prepare USB install media
Download the full iso and checksum for your choice.
Prepare a USB flash drive as an installer using any of these methods:
Windows Method:
I typically use Rufus to create a usb bootable disk. Download Rufus and inside select the ISO then Format
Linux Method: dd
Write the installer to an unmounted USB drive using the dd command as root.
BE VERY CAREFUL TO NOTE THE PROPER DEVICE. ALL DATA ON THE DEVICE WILL BE OVERWRITTEN.
Example: Under Linux, if a USB drive appears as sdx1, then write the installer to sdx (remove partition number) …
1.2 Boot installer
Insert USB installer into the target device and boot. Disk will boot into a Live environment.
Connect to a network via Ethernet or Wifi.
1.2.1 Optional: Continue install from another Linux system via SSH
Open the Terminal and Enable SSH on the target device:
Look up IP address:
Now, on the other system, ssh into the Manjaro Live:
The password is manjaro
1.2.2 Verify boot mode
If UEFI mode is enabled on a UEFI motherboard, the installer will boot Manjaro accordingly.
If the directory does not exist, the system is booted in BIOS mode. Note: If the target device has been manufactured within the last decade, chances are its a UEFI-capable device. All my current devices use UEFI boot mode and this HOWTO is based on UEFI. Some of the instructions below - drive partitioning and GRUB setup in particular - will need to be modified if using BIOS mode. Check out the Arch Wiki for details.
1.3 Pre-Setup
Some things to do before you install the system. Open the Terminal or Login via SSH and we’ll start by getting root access.
By default it will use bash you can use zsh by typing \bin\zsh after
1.3.1 Setting System Time
Ensure system time is correct - necessary for SSL certificates
1.3.2 Setting Mirrors
Using pacman-mirrors to set a mirror
You can add --continent for a closer mirror or --url https://mirrors.manjaro.org/repo for just the default mirror
1.3.3 Install Packages
We are going to update the repo and install some stuff
Start by updating the Repo
Then we install some packages
I mainly use dd_rescue for writing random junk into the disk before encrypting it. gparted is only used for the GUI parts of the Install
1.4 Partitioning disk
First we are going to list the disks by using lsblk
> lsblk
Replace sdX with the drive letter or Replace nvmeXn1 with the number
Next there are 2 methods on how to partition the disk
1.4.a - Method 1: GParted
-
Unmount the partitions
-
Create a new partition table
-
Select GPT then apply
