• If you use the same LUKS container for the swap file and the root partition, you’ll only need to enter your password once to unlock the single LUKS container. The UEFI bootloader can then load the kernel and initramfs from the encrypted partition without a separate boot partition.

    If all you’re trying to protect against is someone ripping out the SSD and running away with it, you can even go as far as having an encrypted filesystem without ever having to enter any password by leveraging the TPM. A TPM can also help strengthen a password-encrypted partition, but the password-free encryption makes encryption as easy as BitLocker on Windows 11. Sadly, there’s not a lot of support for this in most distro installers.

    Shrinking partitions is quite annoying already because you have to do that offline, and my LUKS+BTRFS setup isn’t very well suited for advanced partition operations. I’d also need to enter my password twice if I don’t retroactively add LVM to the mix. BTRFS works perfectly fine, but its management tools aren’t as reliable and mature as their ext4 counterparts.
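The comment above distinguishes TPM-only unlocking (covers a stolen disk, nothing more) from a TPM used to strengthen a password. The following is an added example, not part of the original comment: it audits LUKS2 header metadata, as printed by `cryptsetup luksDump --dump-json-metadata`, to show which keyslots fall into which category. The token field names (`systemd-tpm2`, `tpm2-pcrs`, `tpm2-pin`) are assumed to follow the token format written by `systemd-cryptenroll`, and the sample metadata is constructed.

```python
import json

# Constructed sample of LUKS2 header metadata, trimmed to the fields used here.
SAMPLE = """
{
  "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}, "2": {"type": "luks2"}},
  "tokens": {
    "0": {"type": "systemd-tpm2", "keyslots": ["1"], "tpm2-pcrs": [7], "tpm2-pin": false},
    "1": {"type": "systemd-tpm2", "keyslots": ["2"], "tpm2-pcrs": [], "tpm2-pin": true}
  }
}
"""


def classify_keyslots(metadata):
    """Map each keyslot id to (unlock method, PCR list from its TPM2 token)."""
    # A keyslot with no token pointing at it is unlocked by a passphrase or keyfile.
    result = {slot: ("passphrase-or-keyfile", []) for slot in metadata.get("keyslots", {})}
    for token in metadata.get("tokens", {}).values():
        if token.get("type") != "systemd-tpm2":  # assumed token type name
            continue
        method = "tpm2+pin" if token.get("tpm2-pin") else "tpm2-only"
        for slot in token.get("keyslots", []):
            result[slot] = (method, sorted(token.get("tpm2-pcrs", [])))
    return result


def findings(metadata):
    """Return review notes for keyslots whose protection is weaker than it may look."""
    notes = []
    for slot, (method, pcrs) in sorted(classify_keyslots(metadata).items()):
        if method == "tpm2-only":
            notes.append(f"slot {slot}: unlocks with no user secret; covers disk theft only")
        # Only the literal PCR list is checked; signed PCR policies are not examined.
        if method.startswith("tpm2") and not pcrs:
            notes.append(f"slot {slot}: no PCR list in token; key is not tied to boot state")
    return notes


if __name__ == "__main__":
    meta = json.loads(SAMPLE)
    for slot, (method, pcrs) in sorted(classify_keyslots(meta).items()):
        print(f"keyslot {slot}: {method} pcrs={pcrs}")
    for note in findings(meta):
        print("NOTE", note)
```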