-
-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Follow opensuse's btrfs subvolumes layout #33
Comments
Yes we can add more subvolumes but if I move /boot (which atm is a fat32 partition) into a @boot btrfs subvolume it'd get encrypted and that wouldn't allow us to use LUKS2 (which means defaulting to LUKS1 and decrypting two times the system at boottime, with the first time being slow since we're not in userspace yet and the bootloader can't use all the CPU decryption algorithms). So TLDR, i can add /root, /opt etc... but not /boot unless we move to LUKS1... |
I think we shouldn't add /boot subvolume in our case. I forgot that suse encrypts the entire drive including /boot so it's different story. So let's create subvolumes with suse style just without /tmp and /boot. I'll also try to test the snapper-systemd-boot tomorrow and if it'll work I'll probably ask someone to package it on aur. |
It seems that grub can boot from a luks2 encrypted partition: https://keyb0ardninja.github.io/BTRFS.html#luks2-setup |
Oh well it indeed can, the problem is that the early decryption (the one that happens to unlock grub first) will be very slow as there's no way to use CPU acceleration for the decryption algorithms. And btw if /boot/ is on a LUKS2 partition that will not work, you can encrypt /boot but it has to be inside a LUKS1 container. |
Not having the /boot directory as an integral part of the snapshot, makes the restore quite useless, in case of a kernel upgrade. That’s why I think it is quite important to address this. Let me say that this project is very cool and the bash script clean and elegant. |
@paolomainardi So you're suggesting to move the ESP to /efi and encrypt /boot right (that's a consequence of moving /boot to its own subvolume). I can try btw. |
I think what they are requesting is that you switch to something more like what https://github.com/tommytran732/Arch-Setup-Script uses, albeit /var/ being that separate probably isn't totally necessary. AFAIK this is what SUSE uses, the main advantage being that you can actually run |
When we talk about the |
I have found a solution to not create so many subvolumes in |
It is needed. The main reason being, you would either not want those subvols rolled back or if you make them part of the immutable system, the system wont boot from grub-btrfs. On the other hand, pacman stores their database in /var, so you can't just make 1 single subvol for /var, because the database will be out of sync with what's actually on the system after a rollback. |
Still not sure about switching to LUKS1 in favor of this setup. I'm more than welcome to change layout when booting i can encrypt the entire system with LUKS2. |
@TommyTran732 what do you think about changing DBPath in |
I need to check if that has some sort of side effects. If it doesn't we can do that. On a side note, does the script work now? Cause I've had people complaining it didn't work. |
The way I think about it, if the user wanna split a subvol out, they can do it themselves. I am not sure splitting the entire openSUSE splits out @classy-giraffe I just came back to Arch 2 days ago so I fixed up a bunch of stuff. The script should work now. |
Hi,
I think we should adopt suse's layout for subvolumes. In my opinion they have sensible arguments. One thing to note is that we don't have to create subvolume for /tmp since it's by default tmpfs. I don't know what about /boot, maybe you have an idea? Source
The text was updated successfully, but these errors were encountered: