In this post I will shortly list the steps to install debian using LVM and LUKS alongside a working Windows installation, as a dual boot system.
When you follow the following steps, you will have separate /home, root and swap partitions and all of them will be fully encrypted.
This is tested with debian 9 and Windows 10, 64 bit system with GPT partitioning structure.
- Create a free NTFS partition on your disk for Windows and a free disk space following the Windows partition for your Linux installation. I suggest at least 20G of disk size for Linux root partition. You may use debian live USB/CD and gparted for this purpose.
- Install Windows to the first partition.
- Plug in the ethernet cable and unplug all unnecessary USB disks except the installation one to prevent any mistake during installation and partitioning.
- Boot with a debian USB or compact disk and run the installer.
- Select a language: English
- Select your location: Choose yours.
- Configure locales: Choose yours or choose US.
- Configure the keyboard: Choose yours.
- Detect network hardware: “Some of your hardware needs non-free firmware files to operate. The firmware can be loaded from removable media, such as a USB stick or floppy. The missing firmware files are: iwlwifi-7260-17.ucode”. If you have such media available now, insert it, and continue. Load missing firmware from removable media: No.
- Detect network hardware: “Some of your hardware needs non-free firmware files to operate. The firmware can be loaded from removable media, such as a USB stick or floppy. The missing firmware files are: rtl_nic/rtl8411-2.fw”. If you have such media available now, insert it, and continue. Load missing firmware from removable media: No.
- Please enter the hostname for this system: Choose yours. This will be the name of your computer and it may be visible on the local area network.
- Please enter the domain name. Choose yours or hit enter.
- Choose a mirror of the Debian archive: Choose yours. Hit enter when it asks you for a proxy if you don’t need one.
- Set up users and passwords: Just hit enter to disable root account.
- A user account will be created for you to use instead of the root account for non-administrative activities. Full name: Choose something or enter yours. Choose a password.
- Partition disks: Manual.
- Create a 500M partition at the beginning of the free disk space. Set its mount point as “/boot”, format it and use it as ext4 journaling file system (In this guide boot partition will be unencrypted. If you want to make it encrypted as well, it is possible. Check duckduckgo).
- “Configure encrypted volumes”. Write changes to the disk: Yes.
- “Please select the devices to be encrypted”: Select the free space. Write changes to the disk: Yes. The data will be overwritten: Yes. Erasing data… (This can take a little while)
- Choose a secure encryption passphrase.
- Configure the logical volume manager. Write current partitioning scheme: Yes.
- Create volume group. Enter a name for volume group, such as “vg”.
- Select encrypted disk (/dev/mapper/sdx_crypt).
- Create a logical volume. Select vg. Give a logical volume name: root. Set its size. My suggestion: At least 20G.
- Create a logical volume. Select vg. Give a logical volume name: home. Set its size… Spare a few gigs for swap, if possible. Typically twice as your RAM size, but nowadays I think 4-8 gigs would be sufficient for most people.
- Create a logical volume. Select vg. Give a logical volume name: swap. Set its size. Give all the remaining space.
- Finish LVM configuration.
- Select LV root and configure it: Use as ext4, mount point /.
- Select LV home and configure it: Use as ext4, mount point /home.
- Select LV swap and configure it: Use as swap area.
- Finish partitioning and write changes to the disk.
- Installing system… (This can take a while).
Well, that was it… Stay free and stay safe.