MXLinux install, multiboot with LVM+LUKS

These are some simple steps to follow so I don't get lost again if I do the same.

Everything is done from the MX25 live on UEFI.

Prepare the disk

So just encrypt, overwrite with zeros, then make the partitions and encrypt again. Before making the partition I created a GPT table. Everything was done using GParted. In my case, the partitions are:

• Boot (ext4)
• ESP, EFI (fat32)
• LUKS-encrypted (ext4)

TODO: reasoning why /boot has to be unencrypted, and apparently it must. And I must use GRUB bootloader if I have more than one root partition. Ideally, I think I can have one config for grub for each OS on the efi partition, which makes updating and selecting the kernel easier later on (in my case, I just press F12 and see the booting options).

Creation of the crypt partition and lvs

      cryptsetup luksFormat --hash=sha512 --key-size=512 --cipher=aes-xts-plain64 --verify-passphrase /dev/sdb3
      cryptsetup luksOpen /dev/sdb3 sdb3_crypt
      pvcreate /dev/mapper/sdb3_crypt
      vgcreate hanuman /dev/mapper/sdb3_crypt
      lvcreate -n swap -L 15923M hanuman
      ... (similar with other lvs)
    

Mounting, chrooting, and making the system bootable

      cryptsetup luksOpen /dev/sdb3 sdb3_crypt
      mount /dev/mapper/hanuman-mx25 /mnt
      mount /dev/sdb1 /mnt/boot
      mount /dev/sdb2 /mnt/boot/efi
      for i in /dev /dev/pts /proc /sys /sys/firmware/efi/efivars /run;do mount -B $i /mnt$i; done
      mount -B /etc/resolv.conf /mnt/etc/resolv.conf
  

Some of the previous mounts are unnecessary for what we are doing here. Mounting resolv.conf is only useful when you need to use the network of the host.

      chroot /mnt

      add line to /etc/fstab: <UUID of boot partition> /boot ext4 discard,noatime 1 1

      grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=mx25
      update-initramfs -uk 6.12.48+deb13-amd64
      update-grub
  

had to copy contents of /boot to /dev/sdb1 (I spent a whole day stuck because I did not understand why initramfs didn't create itself the config to create the kernel image, I guess it is only supplied by the installation disk, idk).

Instead of using the UUID as identifier, it can be less hassle using the path to the device. Especially if you want to clone it.

      for i in /run /sys/firmware/efi/efivars /sys /proc /dev/pts /dev /boot/efi /boot; do umount /mnt$i; done
      umount /mnt/etc/resolv.conf
      umount /mnt
      vgchange -a n hanuman
      cryptsetup luksClose sdb3_crypt
  

Reboot and select your bootloader.