• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Linux How to install Debian 12 with drive encryption and swap file (Best practices)

222222

Advanced OT User
Joined
Jul 3, 2007
Messages
228
Reaction score
183
In this tutorial I will explain, step by step, how to install GNU/Linux Debian 12, with drive encryption (LUKS2), with a swap file, using the Cinnamon desktop environment. This is perfect to use for a main computer at home. This is not to be used on a Debian server, such as one for your OT.

There are not many detailed tutorials online that teach you step by step on how to do this process. Hence, why I decided to post here, as more and more people are switching over to Linux. Encrypting your drive is a very good thing to do. In case anyone ever steals your laptop, your data is safe, using AES-256 (LUKS2) encryption.



Let me first clarify a few things:
Swap partitions and swap files are generally a good idea to have if you have a computer with 16 GB of RAM or less. There is no set limit. But what swap is used for is whenever your computer maxes out on its RAM, it will start using swap. Using swap is very slow and it's only used to ensure the system doesn't crash. Many Linux users do not use swap, especially if they have a lot of RAM. Nevertheless, it is always a good idea to at least have 1-4 GB of swap space available, in case of emergency.

There are multiple ways to add swap to your system. Many used to use swap partitions in the past, but when people realized they can be very hard to resize and repartition, many decided that swap files are a better option. You can add/remove/resize your swap file at any time and it's very easy to do that. So that's why we will be creating a swap file at the last steps in this tutorial.



In short, this tutorial will teach you:
  • How to install Debian 12.5.0 using the Net Installer
  • How to partition your drives
  • How to encrypt your drive
  • How to install the Cinnamon desktop environment (DE)
  • How to create a 4 GB swap file
I wrote down all the steps so that anyone would be able to follow along, without any issues.



First download the Debian 12.5.0 Net Installer ISO from their website:
https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.5.0-amd64-netinst.iso

Burn it to a USB drive using Balena Etcher:
balenaEtcher - Flash OS images to SD cards & USB drives (https://etcher.balena.io/)

Before you start, make sure you have backed up all your data. This process will wipe your entire drive and is going to be used on a new computer.

Then follow all the steps below. You can use both your keyboard or mouse to navigate the installer.



1. Burn the Debian ISO to a USB. Use Etcher to burn the ISO.

2. Boot from the USB.

3. Select "Graphical Installer".

4. Select your language, location, locale and keyboard layout. If no locale can be found, use United States ("en-US").

5. Select your network (Ethernet or WiFi) and connect to it.

6. Choose a hostname, e.g. "debian" (essentially the name of your computer).

7. Do not set a domain name, just leave it blank.

8. Do not set a root password. We will use "sudo" to enter root instead. Leave it blank and continue.

9. Enter your name (it can be anything, typically the same as your username).

10. Enter your desired username.

11. Create a password for your user account.

PARTITIONING - This is where we have to make a lot of changes.
PAY ATTENTION!


12. Select "Manual" partitioning.

13. Select your disk you want to install Debian to (i.e. not the USB drive), and continue.

14. If it asks "Create new empty partition table on this device?" select "yes", and continue.

15. Select your disk where it says "FREE SPACE" and then press "space".

16. Select "Create a new partition", then press "space".

17. Enter the size "1024 MiB" (case sensitive), then continue.

18. Select "Beginning" as the location for the new partition, then press "space".

19. Select "Use as:" and press "space". Go down in the list and select "EFI System Partition", then press "space".
It should now say:
- Name: [blank]
- Use as: EFI System Partition
- Bootable flag: on


20. Select "Done setting up the partition" and press "space".

21. Select your disk in the list again which says "FREE SPACE" (the one with many GB of free space) and press "space".

22. Select "Create a new partition", then press "space".

23. Also set this partition's size to "1024 MiB" (case sensitive), then continue.

24. Select "End" as the location for the new partition, then press "space".

25. It should say "Use as: Ext4 journaling file system" by default. It it does not, make sure to change it to that.

26. Select the "Mount point: /" and press "space".

27. Set its mount point to "/boot" (static files of the boot loader), then press "space".
It should now say:
- Name: [blank]
- Use as: Ext4 journaling file system
- Mount point: /boot

Leave the rest as default.

28. Select "Done setting up the partition" and press "space".

29. Now we will create the partition where Debian will be installed and encrypted.
Select your disk in the list again, where it says "FREE SPACE" (the one with many GB of free space) and press "space".

30. Select "Create a new partition".

PLEASE READ CAREFULLY NOW!

31. Here you can customize the size.
In this example, I will choose "250.0 GB". Then press "continue".

32. Select "End" as the location for the new partition, then press "space".

33. Select "Use as:" and press "space".

34. Select "physical volume for encryption" and press "space".
It should now say:
- Name: [blank]
- Use as: physical volume for encryption
- Encryption method: aes
- Key size: 256
- IV algorithm: xts-plain64
- Encryption key: passphrase
- Erase data: yes
- Bootable flag: off


35. Select "Done setting up the partition" and press "space".

36. Go to the top and select "Configure encrypted volumes" and press "space".

37. Select "yes" to write the changes to disk. Then continue.

38. Select "Create encrypted volumes" then press "space".

39. Find your partition in the list that should be encrypted (the partition you install Debian on).
It's the one that is the size you chose before (in my example, 250.0 GB), and it says "crypto" next to it.
Make sure it is selected (by pressing "space", or using mouse click).
Then continue.

40. Select "Finish" then press "space".

41. Select "yes" to erase the data on this partition, then continue. Wait for it to finish erasing all the data and encrypting it.

42. Choose an encryption passphrase. Remember to write this down. If you forget it, you will not be able to access your data!
Then continue.

43. Select the "Encrypted volume" in the list, and select the partition just below it ("> #1 250.0 GB f ext4"), and press "space".

44. Select "Mount point: none" and press "space".

45. Set the mount point to "/" (the root file system), then press "space".
It should now say:
- Use as: Ext4 journaling file system
- Mount point: /
- Mount options: default
- Label: none
- Reserved blocks: 5%
- Typical usage: standard


46. Then select "Done setting up the partition" and press "space".

47. Scroll to the very bottom and select "Finish partitioning and write changes to disk", then press "space".

READ CAREFULLY NOW!

48. It will ask if you want to create a "swap partition". We will not create one.
Instead, we will create a "swap file" after the installation is done, because they are much better to use.
Select "no" and then continue.

49. Select "yes" to write the changes to the disk, then continue.
It will now apply all the changes to the disk. Let it finish the process.

50. Once it wrote the changes to the disk, select a package manager location near you, then continue.

51. Leave the "HTTP proxy information" empty, then continue.

52. Choose "no" when asked to "Participate in the package usage survey", then continue.

53. Select your desktop environment (DE) of choice. I will be picking "Cinnamon".
So in my case, I will uncheck "GNOME" by selecting it and pressing "space".
Then I will scroll down and select "Cinnamon" using "space".
So I will have the following checked:
- [x] Debian desktop environment
- [x] Cinnamon
- [x] standard system utilities

Then continue.
It will now install the operating system to your computer. Just wait for it to finish installing.

54. When the installation is complete, unplug your USB and select "continue" to reboot.

55. When the system reboots, it will ask you to unlock the encrypted drive. Enter your passphrase you created.

56. When the system starts and the login screen appears, enter your username and password you created.
You will then be signed in to the computer.

PLEASE READ CAREFULLY NOW!
We will now have to create a swap file to be used on the system.
The size of the swap depends on your installed RAM.
In some cases, if you have a lot of RAM, you probably do not even need a swap file.
But nevertheless, I recommend everyone to at least get a 1 GB swap file.
In this case, we will create a 4 GB swap file.

57. Open the terminal and run the following commands to create a 4 GB swap file (4096 MB).
If you are just creating a 1 GB swap file, change "4096" to "1024".

sudo dd if=/dev/zero of=/swapfile bs=1M count=4096
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show


58. The swap file has now been created. Now we need to add it to the fstab file:

sudo nano /etc/fstab

59. This will open up the fstab file using the text editor nano.
Now go to the bottom of the file and create a new line, and write the following:

/swapfile none swap defaults 0 0

60. Save the file using Ctrl+O -> Enter -> Ctrl+X

61. Congratulations! You have now installed Debian 12 with the Cinnamon desktop environment, with drive encryption enabled for security, and with a swap file. If you ever want to delete the swap file, use the following commands:

sudo swapoff -v /swapfile
sudo rm /swapfile


Then remove the line you added inside the fstab file:

sudo nano /etc/fstab

And save the file using Ctrl+O -> Enter -> Ctrl+X.

It's that simple! It is much easier to work with swap files than swap partitions. It is very difficult to change the size of them without risking to break the system. A swap file can easily be added or removed.

Now restart the system and the swap file should be active!

I just wrote this together and tested it out on a brand new laptop just now. Following each and every step worked perfectly. I urge you to read carefully, especially while partitioning the drive. If you do something wrong, you will mess up your system.
Post automatically merged:

I would also like to point out that there is no problem with also dual booting with Windows, if you want. Even with BitLocker encryption enabled.

If you dual boot:
When you boot your PC, you will choose which operating system to boot into.
After you have selected your operating system, it will ask to enter your encryption passphrase.

For BitLocker (Windows), or for LUKS (Linux).

But I see no reason to use Windows. But feel free to install it alongside your Linux installation.
Just make sure to leave some unallocated space during Step # 31.

Good luck to you all :)
 
Amazing tutorial as always, and thanks for helping me in private! Keep it up!
 
Just a side note: this method uses LUKS2 encryption which is much stronger than LUKS1 (default). There is an "encrypt disk" during the setup as well, but if you use that you will not get the best encryption method. Hence, why the manual partitioning and encryption is necessary.

Regarding swap: I find swap files to be much better and easier to work with than swap partitions or zRAM. Never used ZSwap though, but it seems to be very similar to zRAM and uses same compression algorithms, which will effect your CPU usage.
 
This is perfect to use for a main computer at home.
if someone needs a tutorial to install linux then there's lots of reasons why not to use it as a main PC. That's at least my opinion.
Nevertheless, good tutorial!:)
 
if someone needs a tutorial to install linux then there's lots of reasons why not to use it as a main PC. That's at least my opinion.
Nevertheless, good tutorial!:)

It's just a matter of untraining years of Windows/Mac habits.
If you would hand me over a Macbook today, I wouldn't have a clue what to do with it. Never used one and probably never will.
It doesn't take long to understand how Linux work though.

Linux was never meant to be used as a desktop operating system. But things have improved so much in recent years, I find it easier to use than Windows these days. It's incredibly user friendly. Just don't expect it to behave like Windows and you'll be fine.
 
Back
Top