A question for the community: have any of you been able to successfully install PureOS with a separate /home partition?
what I’m going for is:
unencrypted /boot partition (sda1) for grub
encrypted root partition (sda2) with encrypted LVM containing the following volumes:
With the most recent ISO, I have tried:
within installer: manually partitioning the drive, setting appropriate flags and mount points (/, /boot, /home, swap)
fails with error about being unable to find a target of some sort
in terminal: shredding the drive, then partitioning root (/dev/sda2) and boot (/dev/sda1), setting boot flag, creating physical volume within root (there is no way to create a PV within the installer that I can find); within installer: setting up encryption and volumes
fails due to being unable to access LUKS volume (installer closes the encrypted volume even though I open it before beginning with the installer)
in terminal: shredding the drive, partitioning boot and root, setting up encryption, setting up LVM, and formatting LV’s, setting up swap; within installer: manually selecting the appropriate partition and LVM for things
fails due to being unable to access LUKS volume, same as above
LUKS being encryption. Perhaps trying to do the same process first without any encryption volume?? Or maybe I misunderstood what you were trying to do. I have not much used the more recent Pure Installer, so I am not familiar with what you are doing or seeing. Please come back here and tell me what works, as I likely have less experience with this than you.
This way /boot is unencrypted, and swap, root (/), and home are all encrypted logical volumes under one LUKS key. I know the PureOS installer accomplishes this with a different drive layout. I would be fine with this, but I haven’t been able to get the PureOS installer to work without erasing the home volume.
Considering that my goal is to preserve the /home volume, beginning the process without encryption is not an option.
This issue I run into is that I have to open LUKS via Nautilus or terminal before starting PureOS installer, otherwise the installer sees the LUKS volume as one big volume. The installer does not have the ability to open LUKS on its own, as far as I can tell. When opening LUKS ahead of time, it looks like it will be able to replace the / volume with PureOS, but it fails. The error mentions being unable to remove the / partition. I think this happens because the installer closes the entire LUKS volume before beginning, which cuts its access off to the / volume.
Overall, the installer could be more robust for custom configurations like this, but the key fix to making this possible is preventing the installer from closing LUKS before beginning.
I am not sure if some boot managers will recognize LUKS, and start the process to ask for the key.
My thought being to first install a non-encrypted version of Ubuntu, Then try to install Pure on top of that without formatting the drive, or changing the boot manager.
For security, I had thought it would be wise to put each of my personal information groups into separate encrypted folders, with different Passwords. Encrypting the entire drive can have implications of accessing the information on a back up later, when I have changed the primary password.
I do recall an older post about some oddities with an earlier version of the Core Boot, basic Librem Mobo Firmware had some other limitation. I recall that is was to be fixed by a later version of the Firmware.
To violate the basic means of answering your question: I had thought to open my tower, unplug all the hard drives but one. Using a flash drive with Pure, install to the remaining hard drive, then clone that back to a USB flash drive. Then I only have to solve boot problems, when I clone the Flash Drive to another partition on another computer.
Dedian installer, Ubiquity, Calamares… none of the graphic installers support existing luks partitions.
Generally, I use luks in terminal or Gnome disk before installing.
The exact error will help to confirm if your hypothesis is good.