Edit: I'm going with LUKS + BTRFS. Thanks for the responses!
Which file system should I use for an encrypted root partition on Linux for a single disk (no RAID)?
I typically use LUKS + ext4.
I've also used encrypted BTRFS and ZFS but never worked with them to any extent beyond getting them set up. I see distros such as Fedora are now defaulting to using BTRFS.
I'm seeking some advice: Should I stick with ext4? Or use BTRFS? Or ZFS?
@dwarmstrong Do you plan to use any btrfs features? Like snapshots?
@nik Maybe... I'm meaning to install a rolling release distro (Chimera Linux) and having the ability to snapshot/rollback could be a good thing.
@dwarmstrong In that case, I'd use btrfs, and if you want it robust and rolling, use openSUSE Tumbleweed.
If you don't specifically know that you need it, anything other than ext4 is unnecessary complexity.
I say that as a longtime and avid btrfs user.
@dwarmstrong ZFS on root (especially with LUKS) adds significant complexity and a bit of risk with Linux.
FWIW, I use ZFS for almost all of my data storage, but ext4 for the root file system. In my opinion this provides a good compromise between data safety and system complexity.
As I see it: the main advantage of ZFS over Btrfs is its maturity, and the main advantage of Btrfs over ZFS is that it's included in the mainline kernel. If you want what ZFS/Btrfs offer, that's your choice.
@mkj @dwarmstrong I completely agree! That being said, if I could **easily** have a mirrored ZFS pool for my root NVME based storage on Debian it would be desirable. My motherboard has 3 M.2 slots for those.
@mkj @dwarmstrong I’ve been using XFS for root and btrfs for the rest for some years. I’m really considering experimenting with btrfs for root too…
@dwarmstrong I've used LUKS + LVM + xfs with great success since 2010-ish. Never had a fs breakage and LVM gives the needed flexibility.
One major difference between ext4 and xfs is that xfs filesystems can't be reduced in size, only increased.
@dwarmstrong I always put file system partitions directly on top of LVM, as I find it is much easier to expand or move things around later. A single LVM physical volume can host as many partitions as you like. So for an encrypted disk, it is LUKS -> LVM -> ext4. For RAID, mdraid -> LVM -> ext4. Never stacked mdraid on top of LUKS but I don't see why it wouldn't work.
@dwarmstrong For many years I've had an EFI partition + the rest LUKS+btrfs on all machines. I'm very happy with it, making the root/home separation with subvolumes instead of fixed partitions.
@9Lukas5 I'm going to give BTRFS a second, closer look!
Three questions:
1. Do you also encrypt /boot?
2. Do you use the snapshots feature?
3. Do you use GRUB as your bootloader, or something else?
@dwarmstrong I used to have an unencrypted /boot with Grub, but I switched to systemd-boot.
Now I have a larger /efi partition and got rid of the /boot partition entirely.
@dwarmstrong I'm on Fedora atm and wrote down what I changed for the systemd-boot option here some time ago:
https://9lukas5.gitlab.io/blog/Verzeichnis/2023/12_replace-grub-with-systemd-boot/index.html
@9Lukas5 Thanks for this!
@dwarmstrong I recently reinstalled #Linux on my laptop and went with #ZFS.
I used native ZFS encryption though, not LUKS. As I don't need hibernation I went with a swap partition that gets encrypted with a new key every boot.
I used #NixOS BTW.
@MediocreWightMan @dwarmstrong mind sharing the config?
@ethancedwards @dwarmstrong The laptop is a Thinkpad T480s.
I'm linking the configuration.nix file I use for it but you’ll still need to partition the drive and create an encrypted Zpool.
Also including a simple set of instructions for partitioning the drive, setting up the zpool/datasets and installing. Make sure to edit with correct disks!
@MediocreWightMan @ethancedwards The laptop I'm going to do the fresh install on is also a Thinkpad T480s. Very happy with it!
@ethancedwards @dwarmstrong So what I previously posted had some errors in it. It’ll work but boot will be delayed looking for a non-existent swap device.
This is due to hardware-configuration.nix having the swap device defined by UUID (which changes every boot).
The solution is to define the /boot filesystem in configuration.nix and then run “nixos-generate-config --no-filesystems” to get a clean hardware-configuration.nix.
I wrote a blog post with my setup
https://blog.hetherington.uk/2025/02/installing-nixos-on-a-thinkpad-t480s-with-encrypted-zfs-2/
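The swap problem described in the post above, as an added configuration.nix sketch that is not the poster's own config. It assumes the per-boot swap key comes from NixOS's `randomEncryption` swap option, and the partition labels `EFI` and `swap` are placeholders.

```nix
# Added example, not the poster's configuration.
# Partition labels below are placeholders; substitute your own.
{
  # With `nixos-generate-config --no-filesystems`, hardware-configuration.nix
  # no longer carries any fileSystems or swapDevices entries, so they are
  # declared by hand here. Root and other dataset mounts are left out of
  # this sketch and still have to be declared for a working system.
  fileSystems."/boot" = {
    device = "/dev/disk/by-partlabel/EFI";
    fsType = "vfat";
  };

  swapDevices = [
    {
      # Reference the raw partition by a name that survives re-keying.
      # A by-uuid or by-label path points at the swap signature *inside*
      # the partition, which is rewritten on every boot when the swap is
      # re-encrypted with a fresh random key, so the device recorded in
      # hardware-configuration.nix stops existing and boot waits for it.
      device = "/dev/disk/by-partlabel/swap";

      # Encrypt swap with a throwaway key generated at each boot.
      # Swap contents are unreadable after power-off, which also means
      # hibernation cannot resume from this device.
      randomEncryption.enable = true;
    }
  ];
}
```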
@MediocreWightMan Thank you for this. Good writeup! I've bookmarked it. If/when I give NixOS a try this year it's something that will be useful.
I've been sticking with ext4 and LUKS encryption with my Linux Mint systems. Only reason I use ZFS is for my TrueNAS server.
@wolfinpdx LUKS + ext4 is also my go-to setup on Linux Mint (Debian Edition).
I like LMDE. If they ever decide to move off Ubuntu for Debian as the basis for the main distro, I will definitely switch to it.
@dwarmstrong ext4 is fine, altho I've used btrfs/luks for years without a single issue. the features are just a bonus, and it's in kernel