Storage configuration
I decided to use LVM volume which is located inside a LUKS encrypted device on another device. In order to decrypt this device automatically i placed a entry inside /etc/crypttab file. Instructions how to create such partition layout are available on dm-crypt/Encrypting an entire system - ArchWiki
- Result of partitioning
Disk /dev/nvme0n1: 476.94 GiB, 512110190592 bytes, 1000215216 sectors
Disk model: WDC PC [REDACTED]
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: [REDACTED]
Device Start End Sectors Size Type
/dev/nvme0n1p1 2048 1000214527 1000212480 476.9G Linux LVM
...
Disk /dev/mapper/cryptdev: 931.01 GiB, 999664852480 bytes, 1952470415 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 16384 bytes / 131072 bytes
...
Disk /dev/mapper/lvm--vm--vg-win: 471.92 GiB, 506722254848 bytes, 989691904 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: [REDACTED]
Device Start End Sectors Size Type
/dev/mapper/lvm--vm--vg-win-part1 2048 206847 204800 100M EFI System
/dev/mapper/lvm--vm--vg-win-part2 206848 239615 32768 16M Microsoft reserved
/dev/mapper/lvm--vm--vg-win-part3 239616 988391423 988151808 471.2G Microsoft basic data
/dev/mapper/lvm--vm--vg-win-part4 988391424 989687807 1296384 633M Windows recovery environment
- Modify
/etc/crypttabfile in order to auto-decrypt luks volume using key-file
/etc/crypttab [600]
lvm-vm /dev/disk/by-partuuid/5cbcee7f-5822-4dfe-b662-44e063e643c0 /path/to/lvm-vm.key x-systemd.device-timeout=5s