Calamares is the graphical installation program that you’ll most likely use to install many popular and not-so-popular Linux distributions. That’s because its development is not tied to a specific distribution and adoption by desktop distributions has been encouraging.

In this article, you’ll learn how to use its disk encryption feature to enhance the physical security posture of a supported Linux distribution. And we’ll look at how to use that feature when a Linux distribution is being installed in standalone mode and also when it’s being installed alongside Windows 10 in dual-boot setup.

The images used in this article were taken from test installations of Manjaro 16.10 in standalone mode in a virtual environment, and from a dual-boot setup between Manjaro 16.10 KDE and Windows 10 on a Lenovo G50 laptop.

Figure 1 shows the disk partitioning options available on the latest edition of Calamares. The program has no default method.

Calamares disk partitioning options
Figure 1: Disk partitioning options of Calamares

Disk Encryption in Calamares in Standalone Mode

With the Replace a partition option, you can select a free portion of the disk that you wish to install the Linux distribution on, or an occupied partition that you wish to erase. The installer will auto-partition it for you. It will also encrypt it if you select the Encrypt system option.

Calamares replace disk partition
Figure 2: Replace disk partitioning option of Calamares

If your choice is the Erase disk option, then selected Encrypt system, the installer will erase and encrypt the whole disk.

Calamares erase disk partition
Figure 3: Calamares erase disk partition option

At the next screen, after selecting one of the previous options, the installer will display the partitions that will be encrypted. All partitions, including the swap partition, are encrypted.

Calamares disk partition
Figure 4: Calamares disk partition confirmation

After installation and reboot, you’ll be prompted for the encryption passphrase before the GRUB boot menu is displayed. As shown in Figure 5, the system is asking for a passphrase to decrypt hd0,msdos1. That’s the first partition of an MBR-partitioned disk. And this is when you get to experience the benefit of disk encryption. The system will not boot if the correct encryption passphrase is not specified. So if another party gains unauthorized, physical access to the computer while it’s not turned on, you can be rest assured that the system will not boot. The other side of that, is if you forget the encryption passphrase, same deal happens to you. You won’t be able to brute-force your way in.

Calamares decrypting a disk
Figure 5: Calamares decrypting an encrypted disk

This is what happens when the correct disk encryption passphrase is specified – you’re presented with the GRUB boot menu. Now you may boot into your favorite Linux distribution.

Linux GRUB boot menu
Figure 6: GRUB boot menu after disk has been decrypted

Disk Encryption in Calamares When Dual-booting with Windows 10

Setting up a dual-boot system using a Linux distribution that uses Calamares and Windows 10 with the Linux side encrypted is just as easy in standalone mode. The recommended approach to that is to select the Manual partitioning option.

Manual disk partitioning option of Calamares
Figure 7: Manual disk partitioning option of Calamares

This and the next two images show how to create an encrypted custom set of partitions using the installer’s partition editor. In Figure 8, the root partition is encrypted. To encrypt any partition, simply select the Encrypt option, then specify and confirm the encryption passphrase.

Calamares encrypted root partition
Figure 8: Creating an encrypted root partition in Calamares

Same was done when creating the partition mounted at /home.

Calamares encrypted home partition
Figure 9: Creating an encrypted home partition in Calamares

And for the swap partition too. It is very important that you encrypt all partitions, except for a partition mounted at /boot or /boot/efi. Also use the same encryption passphrase for each.

Calamares encrypted swap partition
Figure 10: Creating an encrypted swap partition in Calamares

At the installer’s manual disk partitioning window, the partitions marked for encryption will have LUKS in the File System column.

LUKS-encrypted Linux partitions
Figure 11: LUKS-encrypted partitions created with Calamares in a dual-boot setup with Windows 10

After a successful installation and reboot, you’ll be prompted for the encryption passphrase before the GRUB boot menu is displayed. In this image, notice that the system is asking for a passphrase to decrypt hd0 gpt5. That corresponds to the root partition of the Linux side of the business. Contrast that with the situation in Figure 5, during a standalone mode setup.

Decrypting a disk encrypted with Calamares
Figure 12: Decrypting a disk encrypted with Calamares in a dual-boot setup with Windows 10

Note that on the test system I used for this article, if the GRUB Boot Manager is the default boot manager, I had no problem booting into either operating system. However, when I set the default boot manager to Windows (10) Boot Manager, the system will not boot. What I got instead, is shown in Figure 13. Not sure why, but that’s how it worked on mine. If your experience is different, post a comment.

Figure : GRUB error when Windows Bot Manager is the default in a Calamares disk encrypted setup
Figure 13: GRUB error when Windows Bot Manager is the default in a Calamares disk encrypted, dual-boot setup with Windows 10

And that’s how you can encrypt your Linux installation if the distribution uses the Calamares graphical installer – in standalone and dual-boot mode.

Related Post:  Install BackTrack 5 Revolution 2 on external hard drive


Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Hola! Did you notice that no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

One Response

  1. Regarding the problem you’ve encountered preventing you to boot Windows 10 through the Windows Boot Manager on a FDE [Full Disk Encryption] Linux installation you can try the following (credits to Linux22,

    “If you want to resolve this last error you must break a taboo …

    You must edit the ‘grub.cfg’ file in your directory ‘/boot/grub’, search for the menuentry ‘Windows Boot Manager’ and comment out the line ‘cryptomount -u’ with a # …

    Remember that you need root privileges for editing these files.”

Leave a Reply to Homer Nevis Cancel reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter
Mailchimp Signup Form

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.


The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.