User:Kulak

Direct Disk Encryption

device=/dev/sdc
cryptsetup luksFormat --type luks2 --align-payload=4096 -s 256 -c aes-xts-plain64 --label cdata1_backup $device
cryptsetup open /dev/by-label/cdata1_backup cdata1_backup
mkfs.btrfs --label data1_backup /dev/mapper/cdata1_backup
mount /dev/disk/by-label/data1_backup /mnt/backup/data1_backup
btrfs subvolume create /mnt/backup/data1_backup/@data1backup
umount /mnt/backup/data1_backup
cryptsetup luksDump /dev/disk/by-label/cdata1_backup
cryptsetup luksAddKey /dev/disk/by-label/cdata1_backup /etc/vault/disk-key
nvim /etc/crypttab
    cdata1_backup  /dev/disk/by-label/cdata1_backup             /etc/vault/disk-key
nvim /etc/fstab
  # /dev/mapper/cdata1_backup UUID=30d29047-09b0-49f5-9d61-d7a6f3033d5e
  LABEL=data1_backup      /               btrfs           rw,relatime,space_cache=v2,subvolid=5,subvol=/  0 0

Other

device=/dev/nvme0n1

partition=/dev/nvme0n1p3  or /dev/disk/by-partlabel/csys0
fdisk -l $device
cryptsetup luksFormat --type luks2 --align-payload=512 -s 256 -c aes-xts-plain64 --label sys0parent $partition

cryptsetup open /dev/disk/by-partlabel/csys0 sys0
mkfs.btrfs --label arch0 /dev/mapper/sys0
mount LABEL=arch0 /mnt

btrfs subvolume create /mnt/@arch
btrfs subvolume create /mnt/@snapshots

umount -R /mnt

mount -o defaults,x-mount.mkdir,compress=zstd,ssd,noatime,subvol=@arch LABEL=arch0 /mnt
mount LABEL=EFI /mnt/boot

arch-chroot /mnt

pacstrap -K /mnt base linux linux-firmware amd-ucode neovim networkmanager linux-firmware-qlogic btrfs-progs

Follow installation guide until `mkinitcpio` section.

create file: `/etc/mkinitcpio.conf.d/arch.conf` with content:

cat /etc/mkinitcpio.conf
MODULES=(btrfs)
BINARIES=(/usr/bin/btrfs)
FILES=()
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems fsck)

mkinitcpio -p linux

cat /boot/loader/entries/arch.
title Arch Linux (encrypted btrfs)
linux /vmlinux-linux
initrd /amd-ucode.img
initrd /intramfs-linux.img
options cryptdevice=PARTLABEL=csystem:system root=/dev/mapper/system rw rootflags=subvol=@root,rw rootfstype=btrfs

Other options: cryptkey=/dev/dsdf1:50500:200 - option does not work cryptkey=PARTLABEL=seckey:auto:/sec.keyf - option does not work rd.log=all

Copy data from filesystem file:

dd skip=50500 bs=200 count=1 if=/dev/sdf1 of=/root/keyslot1

btrfs from single drive to two in raid 1 mode:

btrfs filesystem show /mnt/data
btrfs device add /dev/mapper/data2 /mnt/data
btrfs filesystem show /mnt/data
btrfs balance start -dconvert=raid1 -mconvert=raid1 /mnt/data

References:

• https://wiki.archlinux.org/title/User:ZachHilman/Installation_-_Btrfs_%2B_LUKS2_%2B_Secure_Boot
• https://wiki.archlinux.org/title/Dm-crypt/System_configuration
• https://wiki.archlinux.org/title/Dm-crypt/Device_encryption
• https://man.archlinux.org/man/mkinitcpio.8