vm-poolExtend vm-pool instead of adding another pool.
â : You don't need to juggle qubes between two pools like in the secondary storage setup.
â : Chances of data loss due to drive failure are higher.
Locate the device you want to add to the pool using lsblk or other tools.
The algorithm for encrypted partition is a bit different, follow secondary storage : Example setup of second drive until you end up with an auto-mounted luks partition, after that continue with the step 2.
pvcreate $device
vgextend $vg $device
lvextend -l +100%FREE $pool
$device is the device you want to add to the pool. Most likely partition on a physical device, like /dev/sdb1, /dev/nvme1p1, or /dev/mapper/mydevicename if you're using encrypted partition.$vg is the lvm volume group. You can list them using vgs. Most likely you have only one group. If you have more, you can deduct which one you need from outputs of pvs or lvs. See which group is used for qubes' lvs or to which group your existing qubes drive belongs to.$pool is the lvm pool to extend. vm-pool by default, but you can list logical volumes and pools using lvs, it will be listed in the "pool" column for logical volumes of your virtual machines as well as a separate entry.This is very flexible. As you can see, almost anything can be used as the $device, be it physical device, partition, or encrypted partition. Same with the pool, you can add different amount of volume to it, not necessarily all free space available in the volume group. See man lvextend.
On qubes, systemd-cryptsetup handles decryption during boot. It always tries available passphrases before prompting the user for a password. If you have multiple partitions with the same passphrase, you'll only need to enter it once.
If, on the other hand, you want to have multiple partitions with different passphrases unlocked during boot, you will encounter the fact that qubes splash screen doesn't tell what you're currently unlocking. It does not matter. You can enter passphrases in any order, systemd-cryptsetup will figure out what goes where by itself. Even with that, it might be hard to figure out what's going on if you make a typo in one of your passphrases, so let's get more information printed anyway.
There are two ways to print the device name when prompted for a passphrase during boot:
Idk, feel free to contribute... This topic might be a good starting point
GRUB_CMDLINE_LINUX in /etc/default/grub:
rd.plymouth=0 plymouth.enable=0
# If you're using BIOS
grub2-mkconfig -o /boot/grub2/grub.cfg
# If you're using UEFI
grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg
grub2-mkconfig -o /boot/grub2/grub.cfg, see this topicThis disables plymouth and leaves you with concise console output and prompts. If you want verbose console during boot, you can remove quiet parameter from GRUB_CMDLINE_LINUX.
Alternatively, if you don't want to do any of these, but get stuck entering passphrases, you can simply press ESC to exit into console.
As is, with disabled plymouth, you'll end up with UUIDs of devices in the passphrase prompt. I think you can assign aliases to partitions in /etc/crypttab instead...