Web lists-archives.com

Re: trying to install Debian encrypted in an existed partition, keeping the rest as it is ...

On Wed 30 Jan 2019 at 00:30:40 (-0500), Albretch Mueller wrote:
>  use case:
>  Say, you have a computer preinstalled with Windows, on which you
> would like to install a Debian Linux base. You would:
>  1) resize the larger, Windows proper (/dev/sda3) partition

Yes, the largest partition (/dev/sda5 here) was the one containing all
the user data. I shrank it in stages:
a) free up space by removing redundant files, emptying the trash etc.
b) defrag and optimise the disk.
c) shrink the volume.
d) create a partition in the freed space.
e) copy files onto the new partition.
f) remove said files.
g) try again.
h) set No Protection, then delete Checkpoints.
i) copy said files back.
j) shrink more.
k) remove partition created at (d).
l) create 5 partitions as required, filling free space.
m) set size, assign no drive letter, exFAT or FAT as offered.
n) label them for unambiguous identification.
o) boot linux and run gdisk to reestablish the 5 partitions' properties.

I create 5 partitions for /, backup / (I always carry a spare),
/home, BIOS boot, and Swap. NB: BIOS boot is not /boot; it's empty.

>  2) install Linux encrypted in the created space,

One reason I'm not more help is that I install linux unencrypted in /,
create an encrypted partition for future /home, copy the directories
from current /home to future /home (basically the /etc/skel files)
and make the necessary adjustments to /etc/fstab and crypttab to
mount future /home over current /home when rebooted.

> with
>  3) what you need to start it up (the /root partition) on a pen drive

I've used the option of selecting the OS to run by using Legacy BIOS
booting for linux and the preinstalled EFI booting for Windows.
So, apart from the creation of the 5 "untouchable" partitions,
and being told that the RTC is running on UTC, Windows knows nothing
about the linux system's presence.

>  So, other people may be able to use that box just fine under Windows
> and you would do your thing.

Yes, in my case they just have to know to press the small button on
the side instead of the power button, and then select the top item
from this menu (as I leave BIOS as the default):

Normal Startup     ← Windows
BIOS Setup         ← linux
Boot Menu
System recovery

>  If for whatever reason you disown that computer, you would just
> delete that partition. Your own data you will keep on a USB pen or
> microdrive.

Something like that. I'd run badblocks over the unencrypted partitions.

>  Any step by step procedures?

Modify anything above to taste.