NVME partitioning best practices

I’m finally going to migrate from running everything from the SD card to using the 512 GB NVMe drive that I got with the Reform. What I would like to do is have separate partitions for root (/) and home (/home). My thought is that once the Reform-specific code from system image V3 makes its way into Debian stable, I would like to get off Sid and onto a more stable release. But I’m not sure the best way to partition the drive to do this. I haven’t partitioned the drive yet; I know there are multiple options that would probably work for what I’m trying to do, but I’m not sure what the pros and cons are for each.

I’m starting the partitioning process using GParted. The first decision is the partition table; my understanding is that the gpt partition table is the best in most cases (assuming the system can boot from it). I think U-boot works with gpt, but wasn’t sure if there are any Reform specific considerations. Eventually I would like to boot from the eMMC (so I don’t need the SD card to boot), but I was going to do that after migrating the filesystem.

The next consideration is how to set up the each partition. The 512 GB drive is honestly probably more than I really need for how I’m using the Reform (mostly for learning C, C++ and Python, as well as general web browsing and ebook reading). I’m planning on making a 128 gb partition for / and another 128 gb partition for /home - leaving the remaining 256 gb free until I find a need for it (my understanding is that gpt allows expanding partitions if there is free space on the disk). But once I start getting into the specifics, the less certain I am about the configuration.

I was going to use the ext4 filesystem for each of the 2 partitions (if only because that has been the default for other Linux distributions that I’ve used). If there are reasons to consider other file systems, I would love to hear them (I’m still learning).

Then there are the other options that GParted gives you when setting up partitions - free space preceding, free space following and align to. I really know nothing about how to set these. As far as partition names and labels, I was going to name the partitions “root” and “home” - but wasn’t sure if there are best practices about what to call them.

I’m also not sure what the best practices are around setting up a swap “partition”. How big should the swap space be? Does it matter if its the first, second or third partition?

Any help would be greatly appreciated.

Your plan to use Debian stable (a good plan) is independent from your partitioning choice, right? I’m just wondering why you mention it in this context.

I don’t think you should wait for all reform-specific code making it into stable before switching to Debian stable. Debian makes a new stable release roughly every 2 years. The next stable release will happen somewhere in the middle of 2023 and the freeze starts January 2023. Most of the patches we need on top of Debian unstable are in the kernel. Some of these patches are not even yet included in kernel.org git. Thus, they will definitely not be included in the next Debian stable release. The next release after that would be in 2025. I guess you don’t want to wait that long?

My own plan is, that once Debian is frozen, convince @mntmn to add a Debian bookworm repo. That way, even though we still need to patch parts like the kernel, reform users will be able to use Debian stable instead of unstable.

You are probably aware of the reform-setup-encrypted-nvme and reform-migrate scripts?

You are partitioning your NVMe SSD drive. The imx8mq SoM cannot load u-boot from nvme but only from SD-Card or eMMC. u-boot itself supports gpt but I don’t see a reason to use gpt over mbr in your case. Your ssd is only 512 GB and mbr supports up to 2 tb. I don’t think any of the features of gpt over mbr are helpful in your case and it might be easier and safer to stick with mbr because it having less features makes it a bit easier to use. Also, eMMC is using mbr partitioning, so the question whether uboot supports it is even less of a concern.

Personally, I do not split / and /home. I don’t see a reason to do so. What is yours?

Yes, ext4 is a solid and very stable choice.

Don’t leave free space and use the maximum space available. Partition names and labels do not matter. Your OS will refer to them by their uuid.

It does not matter where you put your swap on your SSD. If the reform could hibernate, your swap should be at least as large as your ram. Since it cannot, its size is entirely up to you.

Thanks @josch for the helpful information.

Switching from Sid to stable down the line was one of the main reasons I was going to put / and /home on separate partitions. My thought was that I could migrate my existing system image now. Later when I switch to stable, I overwrite the partition with / and can leave my personal files on /home untouched. I’ve never worked with kernel patches before, and I’m not sure if I have the skills needed to get Debian stable running on my Reform before the kernel patches are included.

I’m aware of the scripts, and read through what they do, but there are a couple areas where I could use some clarification.
I’m on the fence about encrypting the NVMe. I know that encrypting drives is generally best practice, but I’m working with a very small threat model. I don’t travel much, and am generally using my Reform at home, so the risk of a bad actor getting ahold of it is low. And I’m really just using the Reform as a learning device so there isn’t even much sensitive information on the device. The biggest threat that I’ve identified is someone getting ahold of saved passwords in my browser or access to my email (which could be used to reset my password on other sites).
I was thinking of only encrypting the /home partition leaving / unencrypted so it’s easier to recover is something goes wrong.
From what I can tell, the reform-setup-encrypted-nvme script encrypts the entire entire drive, which seems excessive for my threat model.

I was going to use the reform-migrate script to copy everthing currently on the SD card to the first partition. Then after that was done and I’m running on the first partition, mounting the second partition and manually copying (rsync) /home to the new partition.

On another machine I used, I kept some free space on the disk which was handy when I wanted to try out a different distro (dual-booting the machine). But that was a more mainstream laptop with a UEFI/GRUB boot process. I’m not sure if that’s even possible with U-boot.

You can do that. Or you can just change your /etc/apt/sources.list from unstable to bookworm and “upgrade” to the next stable release that way.

You don’t need to. We have a Debian repo which includes the patched kernel binaries. The sysimage-v3 sets everything up correctly. Essentially you want this repository:

deb [trusted=yes] https://mntre.com/reform-debian-repo reform main

And you also want to pin the packages from that repository to have the highest priority so that apt does not accidentally install the unpatched kernel:

Package: *
Pin: release n=reform, l=reform
Pin-Priority: 990

I also do separate /home because it makes things easier if I want to dual boot/switch distro/reinstall. I tend to do around 60-80GB for /, 8-32GB for swap, and the remainder for /home. Having said that, on my main machine, all the big stuff (mostly games) are installed on their own dedicated disk, so I can get away with a smallish /

Thanks everyone for the advice. I decided to go with separate / and /home directories for the reasons @loonylion mentioned above (though I’m going to follow @josch’s advice and ‘upgrade’ to bookworm by modifying the sources.list rather than doing a new install).

The one hiccup I ran into in the process was that I had to manually modify /etc/fstab to get the /home partition to automatically mount during boot. But modifying it wasn’t as hard as I was fearing, and my system is running fine.