Install Debian with Full-Disk Encryption and Custom Swapfile Size

Tags: debian, debian-installer, disk-encryption

I'm trying to use a Debian network cd to install it, via the advanced graphical installer. I want to use the full-disk encryption option, but I'm trying to install it on an older machine. I think it has about 1GB of RAM. I installed Pop!_OS on it, and it ran fast enough, as I could specify a decent swapfile size, but try as I might, I couldn't get it to find a graphics driver that would give me anything but a 640 screen resolution. (Debian found a great video driver, FWIW).

When I use the guided setup for an encrypted whole disk on an LVM volume, it gives me a tiny 1.1 GB encrypted swap partition. It installs fine, and seems to run, but when I start to use the Software Center, pretty soon it just starts to grind and grind on the swapfile.

If I try to shrink one of the big LVM partitions, I can't in gparted, since it tells me it is in use. I've tried command-line approaches, but they fail, and are extremely frustrating. If I boot on a Debian Live DVD, I first must do sudo apt-get update, which takes a while, and then sudo apt-get crypt-setup and lvm2 in order to mount them. Nothing in the Debian docs told me how, but this Ubuntu page describes one method: Resize encrypted partitions

If I pause anytime for very long during this process, the monitor goes dark, and when I press a key, the screen presents me with my nice desktop, only to grind on the live DVD for about 5 minutes, and finally show me a nice, colorful wallpaper, and grind for about 20 minutes or more, before showing me a prompt that it has been locked, and it asks me for a password; which I never knew, but found out that it is "live".

If I tried actually carrying out the commands, I think it was on the e2fsck command, or the resize2fs didn't work. I forget the exact error.

I tried making the partition smaller, using only 130GB of a 160GB HD, and then expanding it with the instructions from How to enlarge encrypted swap partition? (sic), but it failed on the mkswap command, since the volume was in use. I tried using the live DVD, but gave up in frustration after it locked the screen again.

I went back to fight with the graphic installer, but once I told it to use guided full-disk encryption, it insisted on giving me a 1.1 GB swap partition. When I tried to reduce the size of the main LVM partition, it gave me the clever "No modifications can be made to this device …", "In use by LVM Volume Group XXX". If I try to double-click on the 158 GB ext4 partition, there's nothing there that lets me reduce its size, to make room for a reasonably-sized swap-file. If I try to do a manual partition setup, and try to create partitions like it has with the guided LVM encrypted setup, I can't get them the same way.

I think a 30 or 40 GB swapfile for Linux is a lot more realistic – especially since e.g. Linux Performance: Why You Should Almost Always Add Swap Space | Hacker News details how awfully Linux behaves when it is out of swapfile space: it's almost always a hard reboot. Open too many tabs in your browser, or run an application that uses too much data, and there you are.

I'm sure it must be possible. I'd hate to think that an encrypted volume on Debian is simply impractical unless one has huge amounts of RAM. I'm sure it could be done from the command line, but I think it would be a longer timewaster than I have been on now (around two weeks on this so far), to set it up.

I'm sure it's not impossible, but is there a way to set up an encrypted volume on Debian through the graphical installer, with maybe a few commands I can execute afterwards, or from the Debian Live DVD (which as above, lacks so much as a partition manager!!!)? Perhaps a Kali Linux live disk wouldn't give me so much heartache if I tried to use it after-the-fact. Maybe somebody can give me command-line instructions that will do this in Debian. The swapfile should be encrypted, too, of course. Otherwise, it would defeat the point of encryption.

EDIT:

I tried to manually create the partitions. I created a root partition, and made it bootable, although I'm not sure what size it should be. I suppose I could learn its size from a guided partition.

I created an encrypted partition with all the remaining space on the disk. I then created a volume group within it. However, I wasn't able to create a partition within it, much less specify that that's where the bulk of the OS should be installed; nor create a swap partition within the volume group. It says the volume is part of a volume group already. Without a volume group, I was likewise not able to create partitions within the encrypted partition.

EDIT 2:

The solution was to use manual partition configuration in the graphic installer. I had to create the boot partition outside the encrypted volume, create an encrypted volume with the rest of the disk, make an LVM group in the encrypted volume thus created, and then create the root and other volumes within the volume group.

I made a 30GB swap partition since Linux has no well-maintained truly dynamic swapfile manager (although I may try my luck with swapspace); and Linux is useless once the swap partition is used up – worse than Windows when there is no more space on the disk for the swapfile. Without a huge swap partition, just open a lot of tabs, a really large spreadsheet and a really large log file, and you may be forced to do a hard reboot as the HD grinds and grinds and grinds.

I'm sporting a whopping 1GB RAM on a Pentium Dual E2200 on my server computer! It'll make a nice small server in addition to my main desktop one.

I chose not to install any desktop, but just the tools and servers; and then upon reboot, I did

apt-get update
apt-get install plasma-desktop
apt-get install sddm

because I don't want the default bloatware. I made sure I can log in as su, since I can do su and log in on the console to install stuff system-wide (i.e., for all users; otherwise, I might be locked out of su access). The biggest problem is that Discover (= Software Center) runs too slow to be usable, and it has only picked up my MB's SPDIF audio output, not my regular audio ones yet. At least it doesn't grind the swap partition a huge amount when attempting to use Discover. However, I can install what I need via apt-get, and Konqueror and other stuff runs fine. Of course, as with many challenging problems, in retrospect, doing this doesn't seem as difficult as when I tried to do it myself without a guide. I guess that'll bring at least this extended round of distro hopping to an end :P.

Best Answer

How to manually partition your Debian install with full disk encryption

I am going to outline the steps to take using the netinstall ISO on Virtual Box. These steps should work the same as any of the full Desktop environment installers with Desktops. (Do note that near the end of the netinstall, you can choose a Desktop environment of your choice.)

I will also be including a link to the Debian Buster Installation Guide provided by the Debian Installer team. It covers everything needed to get started with Debian.

I am going to include screenshots of each step, but will start at the partition disks section. If you have issues with any previous step in the installer, please refer to the installation guide.

When it comes to manual partitioning, there are a few ways we can do this, and the choice is yours. Remember to do what makes sense in your environment and always check with the official documentation or the Debian wiki for advice.

Step 1:

Once you reach the partition disks menu, select Manual.

Step 2:

Select your drive. In my case, I have a 64 GB VBOX HARDDISK. In your case you could have a 1 TB Hard Drive, or a 128 GB SSD, or whatever. Pay special attention to what disk you select. You may see your flash drive and other attached disks. Make sure you are selecting the right disk! We will be formatting and encrypting this disk. All contents will be erased! Select continue after selecting the drive you are installing Debian on.

Step 3:

If you are using an entire disk for your Debian install you will need to format the drive. Select yes to create a new empty partition table. Select continue to move on.

Step 4:

If you are wishing to use whole disk encryption, select Configure Encrypted Volumes, and then continue.

Step 5:

Select Yes to agree to having the partitioning scheme written to disk and then continue.

Step 6:

Select Create encrypted volumes, then continue.

Step 7:

Select the devices to be encrypted. In this case it is my 64424MB drive. In your case it will be something different. Make sure you are selecting the correct drive. The encryption process will overwrite the disk.

Step 8:

I leave everything as the default except that I change the Bootable flag to On. You can customize this to better suit your environment.

Step 9:

Again, you will be asked if it is okay to write the current partitioning scheme. Select Yes and continue.

Step 10:

Back at the encrypted volumes menu, select Finish and continue.

Step 11:

If you selected the erase data option (a default) you will be asked if this is okay. Agree and continue. This process took me about 20 minutes to complete.

Step 12:

At this point you will create your encryption password. Enter it in twice and continue.

Step 13:

Now you will be back at the main Partition Disks menu. The next step is to configure the Logical Volume Manager (LVM). Select that and continue.

Step 13:

You will be asked to write the current partitioning scheme before you continue. Agree and continue.

Step 14:

Now we are at the LVM configuration menu. Select Create Volume group and continue. At the next screen you will be prompted to name your new volume group. Choose a name that works best for you. I used vg-1. In the future you may be installing to a machine that has many volume groups. Just use something that you can recognize as the volume group for this Debian install.

Step 15:

The next step is to select the partition or disk that your physical volume will be taking up. Select your encrypted volume and continue.

Step 16:

After we have configured a physical volume, we need to create logical volumes.

Step 17:

When creating a logical volume, you need to select a volume group, give the logical volume a name, and size. This is going to be a boot partition so I have named it and sized it accordingly. Note that for gigabytes you use a G. 1 Gigabyte is more than enough for a boot partition. I will cover why I chose each partition size later.

Step 18:

Here I am showing the LVM configuration for my virtual machine. I like to have a 1 GB or larger boot (you certainly don't need it larger than 1 GB), and separate root and home partitions. In this case, as it is a virtual machine, I have a smaller home than root. If you plan on saving a lot of files, or using this install as your personal or work computer make sure to size your home to be enough.

If this was a 1 TB hard drive I would likely dedicate around 25% of the disk to root, have my swap and boot (appropriately sized), and the rest for home. So, roughly 200+ GB for root, 1-2 GB boot, possibly a 16 GB swap, and then 700+ GB for home. Swap is usually double your RAM, but with an 8 GB or more system you likely do not need swap to be bigger than your RAM. Swapping too much can trash your disk and when you use 16 GB of RAM that really is a lot. You either need more physical RAM for what you are doing or figure out what is causing such high RAM usage. Swap was great when systems only had 64 megabytes, and hard drives could have 2 gigabytes (or 2,000 megabytes).

Step 19:

Now that we have configured LVM we need to actually configure the partitions on the drive. Back on the main partition disks menu, it should look something like this:

[Screenshot: Step 19]

Double click or select a partition (in this case boot) and configure it appropriately.

[Screenshots: Boot 1, Boot 2, Boot 3]

As the screen shots show, I am configuring this partition to be an ext4 filesystem, mounted at /boot, and labeled as boot. You likely will also be using an ext4 filesystem. For each of your logical volumes (which you should have labeled!) do the same. Here is what you do for the swap one:

[Screenshots: Swap 1, Swap 2]

Step 20:

Now you are back to the main menu, it should look like this:

[Screenshot: Step 20]

Now you complete the installation process as you normally would. Remember to install GRUB on the drive with your /boot (If you are using only 1 disk, this is the disk your install is on). You can also set up a one to two GB boot partition OUTSIDE the encrypted LVM either on a flash drive or on the disk but outside of the encrypted area.

In Conclusion

I have done this install many times over. I am very familiar with the Debian and other similar installers because I used to distro hop every month. You can know what works and does not work after a lot of practice yourself. You do not have to have this identical. As you can see, you can size and label things however you want. However, Root should be at least 20 GB (more if you install a lot of stuff), and boot at least 500 MB, and swap roughly 2 times or equal to your RAM on 8 GB or less systems. Some people forgo swap altogether but what works for you is different than anyone else.

So practice this on a VM, or a spare laptop or if you are brave, the only computer you own. The disk size, what you are doing with that computer, what kind of computer it is, and what your needs are are going to determine what partitions you need or do not need.

The simplest partitioning scheme would be 2 partitions. A swap partition, and the rest of the disk as /.

Read the installation guide to know more about the Debian Installation process.

Best of Luck!
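
Added example, not part of the original question or answer: after installing with the layout above, this script checks that each active swap area really sits on a dm-crypt (LUKS) layer, which is the requirement the question states for swap. The device names in the sample are constructed; `--live` mode assumes `lsblk` and `findmnt` from util-linux are installed.

```shell
#!/bin/sh
# Added example: report whether each active swap area sits on a dm-crypt layer.

# stdin: text in /proc/swaps format. stdout: "<path> <type>" per swap area.
list_swaps() {
    awk 'NR > 1 && NF >= 2 { print $1, $2 }'
}

# stdin: block-device TYPE values, one per line, for a device and everything
# beneath it (what `lsblk -s -n -r -o TYPE DEV` prints). $1: swap path.
classify() {
    if grep -qx 'crypt'; then
        echo "ENCRYPTED $1"
    else
        echo "PLAINTEXT $1"
    fi
}

# Check the running system; fails if any swap area is not on dm-crypt.
check_live() {
    report=$(list_swaps < /proc/swaps | while read -r path kind; do
        dev=$path
        # A swap file is only as protected as the filesystem holding it.
        if [ "$kind" = "file" ]; then
            dev=$(findmnt -n -o SOURCE -T "$path")
        fi
        lsblk -s -n -r -o TYPE "$dev" | classify "$path"
    done)
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -q '^PLAINTEXT'
}

# Constructed sample: a swap LV as in the layout above (LV on LUKS on a
# partition) next to a swap partition placed directly on the disk.
demo() {
    printf 'lvm\ncrypt\npart\ndisk\n' | classify /dev/mapper/vg--1-swap
    printf 'part\ndisk\n' | classify /dev/sda2
}

if [ "${1:-}" = "--live" ]; then check_live; else demo; fi
```

Run it with `--live` on the installed system; a non-zero exit status means at least one swap area would write memory pages to disk unencrypted.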
