Installing ZorinOS Core on an SSD and HDD with encryption

Hello everyone,

I want to install zorinOS core on a system with a small ssd and a larger hdd.
I want all of the system partitions on the ssd and the /home partition on the hdd.
I also want to encrypt both drives with 1 password.

I have tried several things after normal/default install, but none of those had the desired effect.

I have the following questions:

  1. What partitions do i need (and their respective sizes
  2. What to do with leftover space on my ssd (a little bit of faster storage could be nice.
  3. Do i need to enable lvm if i want encryption
  4. How do i make sure both drives are encrypted and work with the same password?
  5. There are many contradicting guides. Do i need a /swap, /var /efi?
  6. Should i use btrfs?

Relevant system specs:
Dual boot: No
Ssd: 256gb
Hdd 500gb
Ram: 8gb
Efi boot system

Welcome to the forum RRR.

You will want at least 30GB for your root partition, about the same for your /home partition. Var is part of root and there is a swap file, unless you want hibernation, that is the main reason to have a swap partition (that and if you use VM's)[make it double the size of your ram if you choose this option] .

You can use the tutorial in the tutorials category that runs through partitioning and something else installation method:

https://forum.zorin.com/t/how-to-partition-install-zorin-16/10011/12

Sizes are recommended minimums.

As far as encryption, you may want to try one of the following methods:

Though this is normally overkill for anyone who is not in government or accessing top secret level documentation. Since Linux is inherently secure with the standard permissions and sandboxing of all processes, it begs the question, why do you need encryption on the fs level?

My thoughts for #1: Partitioning during installation

1 Like

Any way to setup luks for both drives and have it work the same as luks for one drive?

And i don't think fde is overkill, especially if it only requires a password on boot. It is on a laptop i take with me frequently, and that is a good way to keep my files secure (incl. My password vault, crypto wallets etc.).

Without fde, i could still access the files by booting into another live os.

It is a bit misleading to say you need to be a secret agent to benefit from fde, especially when you take your machine to many different places in a powered off state. Putting in an extra password isn't a hassle for me at all.

You could enable the administrator bios password, require it to access the hard disk and would have less issues setting up encryption. Since encryption is overkill for me i use this option. There is no limit on password size or what characters you can use.

I don't use encryption and wouldn't know where to begin to enable it per partition or for boot.