• Install Antergos with previously existing encrypted /home partition


    What is the process for installing Antergos with a previously existing /home partition?

    I am coming over from a Fedora install where I had /, /boot, and swap on a 128GB SSD and /home on a LUKS encrypted 750GB HDD. I’d like to install Antergos on the SSD and point it to the encrypted HDD for the /home partition. In the installer Cnchi there are options to encrypt your home partition, but I’d like to avoid the issues that this user ran into with duplicating encrytption. There’s also options to specify a previously existing /home partition and the file system, but LUKS is not one of the options there.

    So what are the steps to accomplish this?

    I came across this post about accomplishing this when LVM is in use, but I was unsure whether this would do the trick since I’m not using LVM. Do I just follow that tutorial and simply skip the steps having to do with LVM?

    Thanks in advance.

  • Hi,

    You have two options:

    1. First Install normaly, then install cryptsetup and setup Antergos to open and mount your old home partition at boot. You’ll lose Antergos DE setup, though (you can copy all settings from the new home to the encrypted home)

    2. Do it the other way around, that is, from liveDVD/USB open your old encrypted home, then install Antergos normally BUT:

    • Select the old home partition as /home
    • Do NOT check Format checkbox for it.

    Cheers!

  • @karasu I just tried option number 2. Perhaps I’m doing something wrong. In Antergros live USB, I used cryptsetup to load and decrypt the HDD. Can browse it, write to it, etc. from file manager without issue. Using Cnchi then I set sda1 to /boot, sda2 to / and sda3 to swap with the option to format, then sdb1 to /home as ext4 (which is the fs when decrypted), with the option to NOT format. Nowhere in the install process does it ask for my decryption password.

    After install completes and I restart, my laptop boots to emergency mode where it prompts me to log in as root for maintenance. It appears that it is expecting sdb1 to be ext4 but is not finding that filesystem since it’s an encrypted drive.

    Fedora’s installer asks for the decryption key when i specify the /home directory is an encrypted volume when installing fedora, and it boots then to a screen where i enter the password for decryption. Neither of these things occurs with Antergos.

    Any ideas as to what I am doing wrong?

  • Hi,

    You’re doing nothing wrong.

    As you have guessed, your system complains about not being able to access /home as nobody has told it that your /home is encrypted. As you have mentioned, Fedora installer does this by itself, I’m afraid Cnchi does not.

    Don’t worry as it’s not that difficult. You just have to edit /etc/crypttab file and add your luks device.
    Check this out: https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Mounting_at_boot_time

  • @karasu Woohoo! Thanks a ton karasu! That seems to have worked.

    For anyone else in the future that wants this, note that I had to edit both the /etc/crypttab file, as recommended by karasu, but also the /etc/fstab file.

    In crypttab I had to specify the UUID of the encrypted drive. In fstab I had to specify the UUID of the ext4 filesystem of the decrypted volume-- in fact there was already a line for /home in fstab, but it had the UUID of the encrypted partition rather than the UUID of the ext4 filesystem that is on the encrypted drive. So I just had to change the UUID in that line. To get the UUIDs, I ran lsblk -f to get the relevant UUIDs after mounting the encrypted volume during the live USB session.

cnchi105 installation197 luks14 home3 Posts 5Views 1123
Log in to reply