Encrypt boot but not detached

I discovered that the installed does not encrypt the boot partition by default, so I followed the guide linked below but I do not want the boot on a separate drive.

Unfortunately I’m not very experienced with grub and all related settings, so is anyone available to show me how to adapt these instructions to work for an installation on the same drive, please?

Yes Its possible, I think i’ve already write about that somewhere in here.

I couldn’t find any post for encrypted boot on same device.

So far I tried your guide and it works with a detached usb, no problem. So I tried to create three partitions (EFI, boot, root) and then follow all the steps (basically same guide but without header partition, and with “/” on a partition instead of a device on its own).

This always leads to this error before creating the keyfiles:

mount: /boot: can't find UUID=<some_uuid>

And that uuid is nothing of value, as uuidB and uuidR are different.

The same kind of error is shown again when I try to boot qubes.

I don’t understand why the process works for detached boot but not on the same device.

take a look at this but don’t wipefs device. You can follow all steps and adjust partition.

Ah yes that’s the guide that I used for the second trials. Just like you suggested I did not run the wipefs command but still error.

I tried with 4 partitions on the same drive (EFI, boot, header, root) and with 3 (EFI, boot, root) but still nothing.

Separate drives, all ok. Same drive, don’t boot.