Pop!_OS 21.04 BTRFS-LUKS install guide, automatic system snapshots & rollback with Timeshift
ฝัง
- เผยแพร่เมื่อ 17 ต.ค. 2024
- All commands and the written guide: mutschler.eu/l...
If you want to support the creation of such videos: buymeacoff.ee/...
---------------------------------------------
In this video we'll install Pop!_OS 21.04 with the following structure:
a BTRFS-LVM-inside-LUKS partition for the root filesystem
the BTRFS logical volume contains a subvolume `@` to mount `/` and a subvolume `@home` to mount `/home`. Note that the Pop!_OS installer does not create subvolumes on BTRFS besides the top-level one, so this requires these manual steps.
Timeshift is set up to automatically create snapshots of the system
timeshift-autosnap-apt is set up to automatically take snapshots of your system after any APT command and also to rsync your EFI partition into the snapshots for flexible restoring options
---------------------------------------------
Contents
01:56 - Boot into live environment
02:29 - Prepare partitions manually with GParted
05:13 - Create LUKS2 partition and LVM structure
07:54 - Use graphical installer to install Pop!_OS
10:43 - Post-Installation steps
14:20 - Changes to fstab
16:21 - Encrypted Swap with hibernation in cryptdata
16:39 - Add discard to cryptdata for proper SSD/NVME trimming
16:51 - Changes to systemd bootloader
18:30 - Changes to kernelstub configuration
19:06 - Chroot into your subvol @
20:02 - Update your initramfs
20:15 - Reboot
22:16 - Some checks
23:33 - Update the system
24:36 - Make sure trim works for SSD or NVME drives
26:14 - Install and setup Timeshift
29:53 - Install and setup timeshift-autosnap-apt
32:02 - Outro
---------------------------------------------
IMPORTANT NOTES (I updated the written guide)
-
---------------------------------------------
If you want to support the creation of such videos: buymeacoff.ee/... - วิทยาศาสตร์และเทคโนโลยี
thank you so much for this video. I repurposed a MacBook Air (2011) and trying to get to know BTRFS. Never expected I can achieve this. You are a truly advanced expert and a very good teacher. Keep up the good work.
Thanks for your kind words. I have posted a new guide for 22.04. which you might find also interesting.
The quality of your guide and clarity of the details cannot be overstated. Thank you for sharing your hardwork and for the fantastic guide
Thank you for your kind words!
hell yeah man thank you so much for this guide i watched the 20.04 and had some issues there, i never thought you'll do a 21.04 guide, your the best.
Glad that this time worked for you!
One of the detailed video I have seen. Been following you from the previous videos of Ubuntu.
Thanks!
Das kam genau zur richtigen Zeit! Ich hab mich um das Setup immer gedrückt:-) Vielen Dank!
Viel Spaß damit!
I'm a simple kid, I see a Willi Mutchler video, I then like it.
:-)
New pc coming next week, I’ll follow this guide !
Cool! Let me know, how it goes!
@@wmutschl Flawless ! I installed 21.10, following your 21.04 guide. Went flawless. Yet I do now have a system locking up when apt upgrading to a new kernel, need to investigate some more
It got through. Running 21.10 on encrypted btrfs
Thanks for the update man! Been working on exactly this install the last couple days. And regarding that reminder about trying in a virtual machine first, well, if I was the kind of person who always tested things on a VM first, I wouldn't be so fixated on btrfs and timeshift haha. It's good advice though.
Have some thoughts to share on some slightly different experiments that I did, will post them later
Looking forward to this!
I'm still planning on giving you an update on this. Would have done so sooner but I've been dealing with a genuine family emergency recently. I think I discovered a shockingly simple way to do this.
So hey Mr Mutschler, I wasn't sure about posting the "method" I came across until I figured out where it can go wrong, so speak. I had timeshift compatible subvolumes after just a couple commands, no configuration editing, no fstab, in an mx Linux install. (Btrfs was installed but no subs were set by the distro, like in pop os. ) Seems to work in other distros as well. Can mangle a system badly though. And because of that, I don't want to post what I have figured out so far on your page. It only took me about 15 minutes with these commands to also render my system unrecoverable ( and I insist that I was testing the system and it was totally expected :)
Fantastic guide. THank you!
Glad you find it useful.
Great guide! But how exactly would I enable hibernation? I found a guide to enable hibernate for encrypted swap, but the partition /dev/nvme0n1p3 is "already in use" and it cannot proceed in setting a swap key.
Does hibernation with the automatic encrypted install of POP OS work for you? If yes, then make a note of the partitioning the installer does and of the fstab and crypttab. You should be able to copy that configuration using my guide. Note that hibernation seems to be system dependent and also how large your swap partition is. Honestly, I never use it, because the boottime of Pop OS on a NVME is amazingly fast.
will there be a guide for fedora 35 ? (for BTRFS-LUKS install guide with swap-partition "not zram0", automatic system snapshots & rollback with Timeshift)
I have not yet give Fedora a go, maybe in a couple of months or for Fedora 36.
Thanks for the guide, has been working great, have you had any issues upgrading to 21.10 from this setup?
No, worked fine! But usually I do a clean install just for fun ;-P And also for testing my backup strategy :-)
Excellent HOWTO. Thanks!
You're welcome!
Why is the SWAP partition 4 GB? Is it advisable to make it bigger if your RAM is 32 GB? I mean, when going into hibernation, all RAM content must be saved there, right?
That's a good point. However, Pop's installer also uses 4 GB as default, so I kept it that way. Also it is very unlikely, that I put my system into hibernation with more than 4GB of data in my ram. But again, I am using hibernation very very rarely. Also Fedora has switched to ZRAM which you might want to check out.
I followed your method to set up btrfs file system on pop os 21.04 and I am really enjoying it. For restoring from snapshots , in case pop os current.conf or old.conf refuse to boot up, I opened the pop os recovery and install timeshift and restore from there. It woks fine. I am a newbie to linux and this will help me in tinkering with linux and learning a lot, so thank you Willi. I have some questions though if you may please answer them. First, is there a method to show snapshots in systemd boot menu, since I don't want to use grub-btrfs as I don't want to install grub and have you used snapper in place of timeshift, as I had read on reddit, that a pop os user could not restore from timeshift on btrfs, because timeshift creates writable snapshots, so he used snapper? Thanks a lot anyway for this awesome tutorial!!!
I am not aware of a tool that creates entries for the snapshots in the systemd boot menu (but it should not be too hard adapting grub-btrfs to systemd boot). however, I also just use the recovery system if I need to restore. I have not yet used snapper, but it is well established software in the OpenSuse world, so give it a try! Actually, I have switched to use btrbk on most of my systems as I like the flexibility (but it is not as user-friendly as timeshift).
Hii Willi, awesome video. 20.04 was my first linux distro and been following you since your PopOS-20.04 video. I have a question. I want to install root on my SSD and mount home on my HDD and encrypt both. I want to know if that is possible during the installation process? I found that we can encrypt an extra drive after installation, so I was thinking that first I will follow all your steps, then after installation mount home to my HDD and encrypt it. But, I don't know if it will work and just in case theres a way of doing it duringl installation, I would like to do that. It would be less of an hassle, I guess.
Both ways are possible. I think the easiest way is, however, post-install. So once you got everything working following my guide, encrypt your HDD with luks, format it with ext4 or if you want to use btrfs as well, then create an @home subvolume). Create a key-file to unencrypt this HDD and make your crypttab aware of that (in my Ubuntu guides there is a similar section for the commands, don't forget the update-initramfs). Make your fstab aware of the @home subvolume on the mapped device and map a testfolder /home2 to it (don't forget to create it first). Restart and check whether your HDD is automatically decrypted. If that step was successfull, copy (or move) all your files in /home to /home2. Rename /home to /home.old and /home2 to /home. Adjust your fstab such that /home is mounted to the @home subvolume on your encrypted device. Restart and check if everything is correct. If so, you can delete the @home subvolume on your SSD.
@@wmutschl Did exactly this today and it worked like a charm. For everyone else who is doing this: Don't forget to only mv your /home when you're logged out and chown the new /home with your user. You might get funny side-effects otherwise.
Glad that this worked for you and good points to keep in mind!
I have a doubt how do i set up btrfs if i have ssd + hdd setup (i need a dual boot Windows and Linux )
Usually i just create a root and boot partition on ssd and home on the hdd. But how do i set up btrfs on mine.
You format both the ssd and hdd with btrfs, then you create the @ subvolume on your ssd and the @home subvolume on your hdd. Adapt your fstab to mount / to @ on your ssd and to mount /home to @home on your hdd.
Hi I saw you in fedoras forum trying to implement the auto snap with timeshift to fedora, why not do a guid for installing fedora 34 with luks and swap (since zram doesn’t work to hibernate) and snapper ?
I've heard that the devs are working on a similar auto snap capability with btrfs and it will probably land in Fedora 35 or 36. They are still evaluating which tool to use (timeshift or snapper or something new), so I am looking forward to that. Setting up an encrypted swap partition via the crypttab should work the same in Fedora as in this guide; the command to update the initramfs is just different.
Thank your video! Should i can used /home existing in btrfs? And how?
You can put /home on different partitions or drives. Just format the partition or drive that you want to use for /home with btrfs and create the @home subvolume. Make sure to point it correctly in your fstab and also (if you encrypt with luks), make sure your crypttab is correct.
very helpful,
thank you 👏
Thanks! There is a new video on 22.04. out.
This worked beautifully….and it might be placebo, but I swear it decrypts much faster.
Good to know!
Thank you!
No problem!
Interesting,. Thank you sir.
Very welcome.
Which steps in the written guide need to be changed or skipped if I don't need encryption?
Just use the normal installer and choose btrfs as the filesystem. Then when the install finishes, continue with the guide. Note that your system partition will not be inside /dev/mapper/ but just called /dev/sda4 or /dev/nvme0n1p4 or something like that. So keep that in mind, when following the post-install steps. Also you don't need to update your crypttab.
what would be the performance with LUKS and compresion in an SSD Sata?noticeable from ext4+LUKS?
No for me I don't notice any difference.
[EFI+BOOT+KEYFILE] in Sd Card + [LUKS (LVM (BRTFS (ROOT) (SWAP))] in SDD?
With Linux all is possible :-)
I desperately need your help. I followed your guide but failed. And I'm not even trying btrfs. It's just good old ext4.
I need both Windows and Linux for reasons, and I keep them separated on bare metal.
This is how my table looks like
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 System 512 MB 1024 KB
Partition 2 Reserved 16 MB 513 MB
Partition 3 Primary 200 GB 529 MB
Partition 4 Recovery 1024 MB 200 GB
Partition 5 Primary 16 MB 201 GB
Partition 6 Primary 1536 GB 201 GB
Partition 7 Primary 16 MB 1737 GB
Partition 8 Primary 4096 MB 1737 GB
Partition 9 Primary 134 GB 1741 GB
I want to create and LVM2 (containing Pop!_OS /boot, root i.e. ' / ' and swap) on "Partition 9" and also want to encrypt it with LUKS2; the /boot/efi will go to "Partition 1" (unencrypted) so that systemd-boot can work properly. I am basically doing this to understand LVM2.
I booted a live session from USB and typed in these commands
# Switch to root
sudo -i
# List block devices to choose a partition
lsblk
# Format chosen partition (in this case nvme0n1p9) and map it to a device called cryptdata, which will later contain the LVM
cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/nvme0n1p9
# Unlock the partition
cryptsetup luksOpen /dev/nvme0n1p9 cryptdata
# Make cryptdata a physical volume
pvcreate /dev/mapper/cryptdata
# Add a new volume group as 'data'
vgcreate data /dev/mapper/cryptdata
# Run pvdisplay a verbose multi-line output
pvdisplay -m
# Create logical volume 'boot', 'root' and 'swap' with specified sizes on previously created volume group 'data'
lvcreate --name boot --size 2048MiB data
lvcreate --name root --size 102400MiB data
lvcreate --name swap --size 32768MiB data
# Verify if everything is mapped properly
ls /dev/mapper/
# Close 'cryptdata', 'data-boot', 'data-root', 'data-swap'
cryptsetup luksClose /dev/mapper/data-boot
cryptsetup luksClose /dev/mapper/data-root
cryptsetup luksClose /dev/mapper/data-swap
cryptsetup luksClose /dev/mapper/cryptdata
Next, I installed Pop!_OS via GUI and it failed with exit code: 1. I'll post the log for better debugging.
I think this is something you should talk about with system76, they have great support for their distro POP!_OS and are very helpful!
I love your videos. They are great and I've been able to successfully follow them and get things working without any issues. I recently needed to upgrade my system to a larger drive and I've successfully copied all the data from the old drive to the new drive, but I cannot figure out how to extend the size of the usable space. I'm going from a 1TB drive to a 2TB drive. Any help would be appreciated.
This is a bit tricky but doable. Try googling resizing luks partition, the arch wiki has some good info on that as well. But this is really tricky to get the right sizes etc. So maybe reinstall fresh on the new drive and simply copy your stuff over might be the quicker solution!
Could do using Arch Linux? I could not do even with your material on the site
Of course! You can do anything with ARCH!
Can I use this tutorial on Elementary Os?
Yes, the installer is the same so the steps should also work. HOWEVER, elementary OS uses grub, so you will need to look into my guide on Ubuntu and run some commands from that. I plan to release a video on Elementary OS as well. It's on my To-Do-List
install to pop_os 22.04 step mount after to install
mount -o subvolid=5,ssd,noatime,space_cache,commit=120,compress=zstd,discard=async /dev/mapper/data-root /mnt
mount: /mnt: wrong fs type, bad option, bad superblock on /dev/mapper/data-root, missing codepage or helper program, or other error.
I have posted a new video and guide on 22.04. Basically just skip the space_cache option (and I also skip commit=120, ssd and noatime, because the defaults have become better with newer kernels).
@@wmutschl thanks
How to prevent someone to break the pc using recovery mode? And thanks for the guide really helpful....
Well here is where the luks encryption saves you. Without a way to decrypt the luks partitions no one can access your data from the recovery mode or from some usb live iso or if someone steals your disk.
@@wmutschl i did but after set encryption pop os was not able to boot and redirect to the emergency mode.
If you boot into initramfs something went wrong with most likely the kernelstub configuration file (note the comma after splash) and the update-initramfs. This might also help: mutschler.eu/linux/install-guides/raspi-btrfs/#fails-to-boot-fails-to-unlock-luks-boots-into-initramfs
Also try following the written guide
@@wmutschl okay and how i will restore the snapshots without booting into the system.
Video fedora silverblue 34 please.
I don't use Silverblue so far :-(