# LUKS on LVM

### If using an old drive

```plaintext
$ fdisk -l
$ fdisk /dev/nvme0n1
# d if existing partitions exist
$ cryptsetup open --type plain -d /dev/urandom /dev/nvme0n1 to_be_wiped
$ dd if=/dev/zero of /dev/mapper/to_be_wiped bs=1M status progress
$ cryptsetup close to_be_wiped
```

### partition with grub

```plaintext
fdisk /dev/nvme0n1
g
n
t
1
n
enter enter enter
w
```

### create encrypted container

```plaintext
cryptsetup luksFormat /dev/nvme0np2
```

create and enter a password

#### open the new container

```plaintext
cryptsetup open /dev/nvme0n1p2 cryptlvm 
```

enter your password

#### prep logical volumes

```plaintext
pvcreate /dev/mapper/cryptlvm 
vgcreate VolGroup /dev/mapper/cryptlvm 
lvcreate -L 10G VolGroup -n swap 
lvcreate -L 128G VolGroup -n root 
lvcreate -l 100%FREE VolGroup -n home
```

#### Format the LVM volumes

```plaintext
mkfs.btrfs /dev/VolGroup/root
mkfs.btrfs /dev/VolGroup/home
mkfs.fat -F32 /dev/nvme0n1p1
mkswap /dev/VolGroup/swap
```

#### Mount the new volumes to begin os installation

```plaintext
mount /dev/MyVolGroup/root /mnt
mount --mkdir /dev/VolGroup/home /mnt/home 
mount /dev/nvme0n1p1 /mnt/boot 
swapon /dev/VolGroup/swap
```

#### installation

do the entire [2\. Installation](https://wiki.archlinux.org/title/Installation_guide#Installation) section and [3\. Configure the System](https://wiki.archlinux.org/title/Installation_guide#Configure_the_system) up to "3.5. Network configuration" from the Arch Wiki

**NOTE: if you get the "Fix "invalid or corrupted package (PGP signature)" error then do**

```plaintext
pacman -S archlinux-keyring 
```

and rerun the pacstrap command

**NOTE: include "btrfs-progs' in the pacstrap command**

```plaintext
pacstrap /mnt base linux linux-firmware btrfs-progs lvm2
```

for "3.6 Initramfs" go back to the dm-crypt article and do [3.4. Configuring mkinitcpio](https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2) and "3.5 configuring the bootloader"

#### bootloader

First, install the bootloader, I just use [grub](https://wiki.archlinux.org/title/GRUB#Installation).

```plaintext
pacman -S grub
```

use `blkid` to get the UUID of the 2nd partition with type "crypt-luks"

```plaintext
nano /etc/defualt/grub
```

and add the following to the line

```plaintext
"GRUB_CMDLINE_LINUX=" cryptdevice=UUID=<insert your UUID here>:cryptlvm root=/dev/VolGroup/root"
```

run the grub installer

```plaintext
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Encrypted Arch"
```

```plaintext
grub-mkconfig -o /boot/grub/grub.cfg
```