I’m trying to install Tumbleweed with encryption, and the problem is that I have to enter the encryption key twice. I did a search and found this post by “nrickert” from 2019, and followed the instruction.
“The easy way to do this with openSUSE:
At the partitioning step, you are offered a suggested (proposed) partitioning.
There’s a button you can click for “Guided Setup”. Click on that.
In the next screen (or second screen), check the box to use an LVM. Once you select that, there should also be a box to encrypt the LVM.
There, or on a later screen, there is a place where you can say that you want a separate “/home”. I suggest that. The wording might say “home partition” but it should give you a home logical volume in the LVM.
You should finish up with a partitioning proposal:
An EFI partition if this is a UEFI system);
An encrypted LVM with volumes for root, home, swap”.
Well I did that. When you check on LVM box you also have to check the encryption box so you can enter the encryption password. After that everything is automated. In other words I didn’t get an option just to encrypt the home partition volume, and leave the grub alone. So I’m back to square one. How can I encrypt the hard home partition and leave the grub alone?
I normally use a separate unencrypted “/boot”. Because of that, I only need to enter the encryption key once.
I am not using “btrfs”. If you are using “btrfs”, then it is best to not have a separate “/boot”. That’s so that if you rollback to an earlier snapshot, you will also rollback the kernel. Otherwise things can get confusing. In that case, you can use the suggestion of post #2 in this thread.
Alternatively, consider using an encrypted LVM with only the “/home” and swap file systems. Based on the thread title, that’s closer to what you asked for. But you may need to setup the LVM yourself. Another possibility is to use the guided setup, and tell it that you want a separate “/home”. And then there should be a choice to encrypt that “/home”. But it is best to also encrypt swap.
If you use the same encryption key for “/home” and swap, it should only be requested once during boot.