paritybit.ca

Installing Debian 10 Buster with Encrypted LVM and btrfs Subvolumes

Author: Jake Bauer | Published: 2020-07-14

Introduction

Debian currently supports formatting partitions with btrfs, but doesn’t support creating subvolumes from within the installer. Below I will detail the process of getting subvolumes on your root file system with optional LVM encryption, should you desire. Once you’re familiar with this procedure, you will find that it is actually a lot easier than it seemed at first!

This procedure has been adapted from this video found on YouTube: Debian 9 | Installation mit Btrfs Subvolumes (Debian Wochen) by YouTube user “unicks.eu”. This video is in German but you don’t need to understand the language to follow the steps on screen. This tutorial aims to expand on the content of the video by approaching it from the perspective of wanting encrypted partitions and it also provides an English-language reference to the content of the video.

Procedure

After downloading a Debian installation image and putting it on a CD/DVD/USB, boot it and choose Advanced options > Expert install (or Graphical expert install if you want).

Run through the installation as normal until you reach the section on partitioning:

The Debian installer disk partitioning menu

On this screen, if you want an encrypted root file system then you probably want to choose the option Guided - use entire disk and set up encrypted LVM. If you are working with a disk that already has an operating system on it which you wish to keep or if you have more complicated partitioning needs, you will have to choose Manual and create the partitions necessary for your configuration.

Once you have run through the setup of the partitions you should now see a screen similar to the one below:

The screen showing the overview of the currently configured partitions and mount points.

Select your root file system (the one with the / as the mount point), change the Use as: field to btrfs journaling file system and select Done setting up the partition. After this, select Finish partitioning and write changes to disk, following the prompts until you arrive back in the installation menu. This will apply the chosen partitioning scheme.

After this and before continuing with the installation, type Ctrl+Alt+F2 to be put into a shell. Press Enter to activate this shell and follow the following procedure to set up subvolumes:

The busybox terminal on tty2.

Use the df command to view what the current mounted partitions are. In my case there is /dev/mapper/debianbtrfs--vg-root mounted to /target and /dev/vda1 mounted to /target/boot. /target is the place where the Debian system files will be installed. We need to change and set some things up so that it becomes a btrfs subvolume.

The output of the df command.

The first step is to unmount both /target/boot and then /target using the umount command.

Then, mount the btrfs root volume (i.e. the volume that used to be mounted to /target hereby referred to as BTRFS_VOLUME) to /mnt and then cd /mnt.

Create the desired subvolumes with btrfs subvolume create SUBVOLUME_NAME. I have created @, @home, and @snapshots.

Following this, mount the root subvolume to /target like so: mount -o noatime,compress=lzo,space_cache,subvol=@ BTRFS_VOLUME /target.

There are quite a few compression algorithms available for use with btrfs now; learn more on [the btrfs wiki](https://btrfs.wiki.kernel.org/index.php/Compression). I personally use zstd.

Now we want to mkdir -p /target/etc and copy /mnt/etc/fstab (and /mnt/etc/crypttab if you are using encrypted LVM volumes) into /target/etc. Once this is done we can rm -r /mnt/boot /mnt/etc /mnt/media otherwise these directories will remain in the final installation (which isn’t a big deal but this is done just for the sake of cleanliness). When this is done, unmount /mnt.

The next step is to make the necessary subdirectories in /target for your subvolumes. I did: mkdir -p /target/home /target/.snapshots. Now, mount the rest of the subvolumes the same way as before like we did for the root subvolume. Also, mount the boot partition (which in my case resides on /dev/vda1 to /target/boot/efi (or just /target/boot for a legacy BIOS system). The following screenshots show the exact commands that I ran:

All of the commands run as described above (minus mounting boot).
The commands run to mount the boot partition.

Now, edit /target/etc/fstab (you must use nano as unfortunately there is no version of vi in this busybox configuration) and add the relevant entries to mount your subvolumes on boot. These should look the same as the entry that already exists but you will have to change the options from default to the ones that we used above when mounting our subvolumes and you will have to change the mount points. For example, the line for mounting the root filesystem will go from:

/dev/mapper/debianbtrfs--vg-root    /   btrfs   defaults    0   0

to:

/dev/mapper/debianbtrfs--vg-root    /   btrfs noatime,compress=lzo,space_cache,subvol=@ 0   0

Where the other lines will look similar:

The contents of the /target/etc/fstab file after modification.

Once this is all done and you have saved your changes, you may exit out of this terminal (Ctrl+D) and return to the installation (Ctrl+Alt+F1). Proceed with the installation as normal and, when you boot, you should have a btrfs filesystem working with subvolumes!

If you get stuck somewhere, try asking in the many helpful areas of the Internet such as the Debian User Forums, the #debian IRC channel on the Freenode network, or the debian-user mailing list. See this resource for more information on getting help with Debian.

This is my seventy-first post for the #100DaysToOffload challenge. You can learn more about this challenge over at https://100daystooffload.com.