I discovered that the installed does not encrypt the boot partition by default, so I followed the guide linked below but I do not want the boot on a separate drive.
Unfortunately I’m not very experienced with grub and all related settings, so is anyone available to show me how to adapt these instructions to work for an installation on the same drive, please?
I couldn’t find any post for encrypted boot on same device.
So far I tried your guide and it works with a detached usb, no problem. So I tried to create three partitions (EFI, boot, root) and then follow all the steps (basically same guide but without header partition, and with “/” on a partition instead of a device on its own).
This always leads to this error before creating the keyfiles:
mount: /boot: can't find UUID=<some_uuid>
And that uuid is nothing of value, as uuidB and uuidR are different.
The same kind of error is shown again when I try to boot qubes.
I don’t understand why the process works for detached boot but not on the same device.