Wow. It took me five attempts to get it right. Here's a video of manual partitioning
...
http://distro.ibiblio.org/refracta/misc … rypt-4.ogv

I think I see now... It took you five attempts, and it took me applying workarounds instead, for my main Devuan Air-Gapped + cloned system(s).
But the two, first 8min of 81min video (the remaining 73min is randomizing the three volumes) and  the second 4 min video, are both on another Devuan system of mine, in the works.

And thanks to your demonstration, I think I can now do it.

I think I'll soon (well, it's late now in Europe, and in your UK, if I correctly placed you in my memory)...

I think I'll soon be able to thank you for making sense out of this tips page...
--
LATER: Yes. It works! Thanks! I'll post the successful encrypted root+swap (and one more partition, just the /boot is unencrypted in the entire 200GB old Western Digital) screencast tomorrow I hope.

Wow. It took me five attempts to get it right. Here's a video of manual partitioning (you can get there from non-expert as well as expert install).

Create a boot partition
Create a partition to be used as physical volume for encryption.
Uh... watch the video.

There are a lot of places where I drop the highlight down below the item I'm about to select, and then move up one line and select it. Did that in case it's hard to read in the red highlight.
http://distro.ibiblio.org/refracta/misc … rypt-4.ogv

I didn't know you were doing it... And I can't view it before I give the links of my videos that show where I get stuck...

Because I just minimally prepared the videos, and I like to post the sooned the more credible, when I document things:

https://www.croatiafidelis.hr/foss/cap/ … rypt-root/
(no HTML at the time of posting this)

But the videos (verifiable with SHA256 hashes, PGP-signed):

https://www.croatiafidelis.hr/foss/cap/ … 81min.webm

https://www.croatiafidelis.hr/foss/cap/ … _2309.webm

show where I'm stuck...

Got to rush (I'm online, and I'm not a wizard... been owned in the past), and then I'll watch your video...

Create a boot partition
Create a partition to be used as physical volume for encryption.
Uh... watch the video.

There are a lot of places where I drop the highlight down below the item I'm about to select, and then move up one line and select it. Did that in case it's hard to read in the red highlight.
http://distro.ibiblio.org/refracta/misc … rypt-4.ogv

I can believe that encrypted install with the debian-installer failed. It is not intuitive or straightforward, but if you can find the right path through the maze, you will get to the end. Here's a guide. Unfortunately, the pictures are long gone, but the words should help you get the steps in the right order. Also, if you go to forums.debian.net and search for posts about encrypted lvm install, you will find a couple of guides.

http://www.debianuserforums.org/viewtop … b033775ccc

Read it, up unto "Adding a keyfile (optional)" (because in the:

/usr/share/doc/cryptsetup/README.initramfs.gz

there is great stuff that I want to re-read (and re-read till I can apply it, such as decrypt_derived) first.

Maybe it's the maze, but I do think I tried the way explained in that guide, but it wouldn't work for me... Not sure, maybe I get a way to retry soon (really don't know...) and be able to tell...

Thanks for caring!

http://www.debianuserforums.org/viewtop … b033775ccc

The regular installer isos use the debian installer, so encryption is supported.

That's what the books say. But, I tried quite a few times. Unfortunately, my Gentoo is broken currently, and I couldn't demonstrate it my usual way, with screencasts and traffic dumps while running Devuan in a VM... (And adapting my uncenz set of scripts for Devuan will take longer.)
But I assure you it was a real no go. Encrypt the partitions -- fine, but can't use them, no setting / on any of the partitions set to be encrypted... Try again. Set a partition to be / , well then you have to set some file system on it (ext4 the usual choice)... And then you can't encrypt them any more... And I didn't want to use LVM, just plain one /boot and the rest of the system all in / and one swap...

It would be great if I could find time and dive into the above more... I trust your word though that it is so, but I couldn't get it to work for me.

I had to chroot into a copied content of my / partition, and run:

# update-initramfs -t

from it, and only then my encrypted / (and swap as well!) were functional. (And there were more interim steps, which I can not remember in detail any more, but they were either what I found in the links or in some manpages available in Devuan installation.) And now that I compiled unoffic-grsec kernel, the initrd for it is just perfect... It all set into place...

The devuan-live isos use refractainstaller, which supports encryption of separate root and/or home partitions. It does not support lvm, and it does not support encrypted swap partition, but it can create a swapfile inside the encrypted root partition.

First of all, installing an encrypted root+swap Devuan system may already be supported in Devuan, but I wasn't able to get it (and I made numerous tries), or if it isn't at the time of writing this how-to, it is likely to be in the future when, kind aspirant Devuaner, are reading it. Pls. check around before  diving in here!

(We need not shy from our precursor's ducumentation, and they cherich it in the free way, and we need to thank them for that:)
https://wiki.debian.org/initramfs
needed, the key to build an encrypted root+swap Devuan system.

LINKS/NAMES OF MAN PAGES

https://wiki.debian.org/InitramfsDebug
my first booting into a freshly installed partially working encrypted root+swap Devuan system was thanks to the sticking of "break" into kernel command line

There's also:
https://wiki.debian.org/CryptsetupDebug
but it hasn't been needed (yet) in my tentatives

Here is where, allegedly by some, encrypted root+swap is available out-of-the-box:
https://wiki.debian.org/DebianInstaller/PartmanCrypto

and also Ubuntu installer claims it can do it, as I read somewhere in some links starting from this page:
https://help.ubuntu.com/community/EncryptedFilesystem

This one is four (4) years old, but it helped me a lot to get going:
http://madduck.net/docs/cryptdisk/

And there is this guide, from my other home-distro:
https://wiki.gentoo.org/wiki/Custom_Initramfs

And maybe bug reports like this:
initramfs-tools: Missing crypto-components in initramfs when explicitly requested
https://bugs.debian.org/cgi-bin/bugrepo … bug=783393

That much for now. And just: after reading the madduck's page linked above (http://madduck.net/docs/cryptdisk/) I slowly started figuring out how to do it...

It's still partly a placeholder. Quickly, if I manage to paste from lynx... Namely I don't (yet) know where to get and how to install
paxctl-ng, and Iceweasel crashes yet, without paxctl{,-ng} treatment...

But, hey, I'm pasting here from my Devuan! ...