BTRFS full disk encryption on Ubuntu 24.04

Posted . Visible to the public.

Caution

Only continue if you're a real BTRFS ultra fan.

Manual BTRFS setup

  1. Boot Ubuntu 24.04 Desktop
  2. Go to Disk setup -> Erase disk and install Ubuntu -> Advanced features
  3. Pick Use LVM and encryption
  4. It will setup such a layout
    nvme0n1                     259:0    0 931.5G  0 disk  
    ├─nvme0n1p1                 259:1    0     1G  0 part  /boot/efi
    ├─nvme0n1p2                 259:2    0     2G  0 part  /boot
    └─nvme0n1p3                 259:3    0 928.5G  0 part  
      └─dm_crypt-0              252:0    0 928.4G  0 crypt 
        └─ubuntu--vg-ubuntu--lv 252:1    0 928.4G  0 lvm   /
    
  5. Reboot
  6. Install BTRFS tools: apt install btrfs-progs
  7. Set filesystem type to auto: sed -i 's/ext4/auto/g' /etc/fstab
  8. Disable the swap file: sed /i 's|^/swap|#&|g' /etc/fstab
  9. Create new initrd: update-initramfs -c -k all
  10. Reboot to validate everything is still working
  11. Boot from Live USB again
  12. Unlock the encrypted LVM device
  13. Convert the partition to BTRFS: btrfs-convert --uuid copy /dev/mapper/ubuntu--vg-ubuntu--lv
  14. Enjoy your new Ubuntu 24.04 with BTRFS

Setup BTRFS subvolumes

  1. Boot from Live USB
  2. Mount your BTRFS volume: mount -o subvol=/ /dev/mapper/ubuntu--vg-ubuntu--lv /mnt
  3. Move default subvolume to @
    cd /mnt
    btrfs subvolume snapshot . @
    rmdir @/ext2_saved
    ls | grep -Ev "@|ext2_saved" | xargs rm -rf
    btrfs subvolume set-default @
    
  4. Create additional subvolumes
    btrfs subvolume create @home
    cp -ax --reflink=always @/home/* @home
    
  5. Add to /etc/fstab:
    /dev/mapper/ubuntu--vg-ubuntu--lv  /home  btrfs defaults,subvol=@home  0 2
    
  6. Remove original files after successful migration
  7. Repeat for additional subvolumes. Some suggestions:
    • @home
    • @snapshots
    • @swap
    • @tmp
    • @var_tmp
    • @var_snap_lxd
    • @var_lib_docker

Setup swap file

  1. btrfs filesystem mkswapfile --size 8g --uuid clear /swap/swapfile
  2. Add to /etc/fstab:
    /swap/swapfile none swap defaults 0 0
    
  3. Activate with swapon -a
  4. Delete old swap file: rm /swap.img
Andreas Vöst
Last edit
Andreas Vöst
License
Source code in this card is licensed under the MIT License.