On Monday, March 24th, 2025 at 10:28, Ralph Ronnquist <rrq@???> wrote:

> On Mon, Mar 24, 2025 at 09:50:29AM +0000, g4sra wrote:
>

> > Replying on phone, hope this reads OK<br><br>-------- Original
> > Message --------<br>On 24 Mar 2025, 02:58, Ralph Ronnquist <
> > ...
>

>

> The above was just my post so it can be snipped.
>

--- ditto ---
>

>

> Yes, you might not consider your setup unusual but I think the partman
> developers would probably disagree :) Even I want to think of it as a
> slightly off the mainstream setup. Anyhow good that you worked it out!
The problem is I can't get UEFI to work, I *am inexperienced* with it but I can no longer avoid it due to hardware constraints.



To me LUKS on top of LVM is illogical.

Maybe you can answer the following...
Is it now possible to resize or snapshot LUKS partitions ?
I am not up on LVM built-in encryption or on what may end up out of bounds (Flash, not spinning rust) when LUKS full disk encryption is not used.

I always work on the premise that storage (with other peoples confidential data on it) may need to be sent back under warranty with no way to wipe it.
I assume the reason it became popular with Debian was pressure from Ubuntu for their brain-dead 'mount encrypted User Home at login' which totally conflicts with (last time I looked) other countless standard ways of working (NFS, SSH, etc). Want User isolation ? shove em in an unprivileged LXC container (bluetooth wont work, shame)!

Going to have to resort to installing EXT4 -> LVM -> Silicon, confirming UEFI boots, backing the whole lot up, reforming as F2FS -> LVM -> LUKS -> Silicon, restoring from backup and then hacking around in a chroot for an hour with UUID's and initramfs building.. Ho Hum..thank heavens my workstation is UEFI free.

If you have a better idea please shout, with that much work I would rather debootstrap which I would if I knew how to make UEFI work afterwards.