Which filesystem do you use? Do you use LUKS? With or without LVM?

I use Fedora. But I have many VMs (big VM files). So I have to shrink or grow the partitions many times. Therefore I use LVM. Simply, my scheme is like:

  • /boot/EFI
  • /boot
  • LVM
    • A- fedora OS root. mount-point: / EXT4 with LUKS
    • B- personal files mount-point /personal-files EXT4 with LUKS

I shrink or grow A and B partitions easily. Therefore I use LVM.

But with LUKS and LVM things can get very complicated. As mentioned in their official documentation:

https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions#2-setup

A and B cannot be BTRFS sub-volumes because, if I re-install the OS, it should not format B. BTRFS does not solve this scenario.

Fedora’s Anaconda has issues with predefined LVM sub-volumes. I have also seen those with my own eyes. Nautilus also cannot list my LVM sub-volumes on the left panel.

The modern Linux filesystems which natively support encryption do not support shrinking. They can only grow.

Most GUI apps, like Gparted, KDE partition manager, Cockpit-storage, blivet-gui, gnome-disk, do not support LVM with LUKS.

I don’t have the courage to use LUKS inside LVM. Without LVM I don’t think it will be difficult. But without LVM, resizing partitions by only 100 MB may take hours.

Without LUKS it’s too risky to use an SSD, because we have the over-provisioning issue (it is not enough to wipe free space).

Could you please share your daily practices and partition schemes of your devices?

Why does it not solve this? You can keep one subvolume, while discarding or overwriting another.

LUKS with BTRFS, ZFS, ext4 and NTFS depending on the system.
But mostly BTRFS and ext4.

I will test it again because last time I tried it I could not be sure of that. Here is another issue about this:

Also, many people say that BTRFS is very complicated and that you have to maintain it (like clearing metadata). Is that really an issue for a non-advanced user like me?

BTW:

  • Gparted and Gnome-disks do not show any sub-volume of it.
  • Blivet-gui does not allow me to set a mount point. It does not support it, I think.
  • Nautilus does not show subvolumes on the left panel.
  • The only GUI app that works with BTRFS is Cockpit’s storage plugin. If it lacks any feature or has a bug, there is no alternative way for me to manage BTRFS.

Why LUKS on LVM rather than LVM on LUKS?

I want 2 different passwords for both sub-volumes.

Because I live in a generally dangerous state. I have a guest user on Fedora for my other family members. But my personal document will have its own password. But anyway, I’m gonna use 1 password for all, which means I will use the same LUKS for both (all) sub-volumes.

You could use full disk encryption and use systemd-homed to additionally encrypt each home folder.

Also you might want to consider using self-signed UKIs to better protect your boot chain, because otherwise (offline) attacks could maliciously modify your initramfs.