Leap-16 Agama with FDE (full disk encryption)

flint · October 16, 2025, 9:20am

Hi all,
I am trying to install Leap-16 with FDE (full disk encryption) without LVM and with boot loader grub2-gls.

As far as I understand, that would mean that the following actions need to be done: With the help of YaST2 a) Remove partitions /boot/grub2/i386-pc and /boot/grub2/x86_64-efi and b) Choose boot loader grub2-gls.

As described in the article MicroOS/FDE to read here.

But, with Leap-16 we are now on Agama.

So I tried to adapt the instructions of the MicroOS/FDE article to Leap-16 Agama , but it didn’t work.

So my questions are:

a) Does the Agama installer support the same features as described in the MicroOS/FDE article when installing Leap-16 with FDE?

b) If yes, how? I could not remove the relevant /boot/grub2 partitions, nor choose the boot-loader…

c) If no, how do I change/migrate from a standard Agama with FDE installation to a grub2-gls with FDE installation? I already tried the instructions in the MicroOS/FDE article (see “Migrating from GRUB2-EFI”), but it didn’t work. But maybe that was my fault…?

Thanks for feedback!

flint · October 17, 2025, 3:48pm

Any comments or feedback…?

deano_ferrari · October 18, 2025, 5:26am

Outside my experience, (so forgive me if I miss detail or understanding), but did you first manage to install Leap-16 with FDE successfully? Are you using TPM2 as well?

If so, you should be able to migrate to BLS for boot entry management, post installation?

sudo zypper in grub2-x86_64-efi-bls
sudo systemctl enable --now grub2-bls-generator.service
sudo update-bootloader --config

Hopefully others who have knowledge can chime in here.

deano_ferrari · October 18, 2025, 5:37am

I see you responded to this topic already (reporting your progress)…

So, are you still seeking support with this?

flint · October 18, 2025, 10:50am

Hi,
thank you very much for your feedback.
Yes, I think I still seek for an answer or a statement. I think there are 2 points here:

1.) The thing is, that we have (had) a perfect installer (yast) with which you could edit and do everything you want. Now we have Agama and the question is, can I do the same things as with yast. In specific, I would like to do an installation of Leap-16 with FDE without LVM and with grub2-gls. This was easy with yast (see the article). And now with Agama? How do I do that? (and what exactly is the benefit of Agama?).

2.) If Agama is not delivering what I seek, then I have to do an unwanted installation and then need to switch to the desired version. So I do a standard Leap-16 Agama installation with FDE (which leads to LVM with grub2-efi, if TPM2 is used I don’t know) and then need to test your commands…
Thank you very much for that!
The test with systemd/grub.efi was nice, but I still have LVM. Also the encryption prompt (at the start-up) is nice but not the same as with grub2-gls prompts (see my older post). So I need some time to start all over…