Full Encrypted Btrfs/Native System Root Guide

Introduction
Basically this is post is an extension to Btrfs/Native System Root Guide which adds Dm-crypt and uses Dracut to create the initramfs rather then dealing with the Early Userspace Mounting approach. As the root, which also includes /boot, partition will end up encrypted, we'll store the keyfile to unlock the btrfs raid partitions within the initramfs. This may be a bit unsafer on runtime as the keyfile ends up in memory but we gain a faster boot process without the need to input the password 4 times (2 x grub and 2 x btrfs raid1). I also have an btrs raid6 with 6 full encrypted disks and this would lead me to enter my password 10 times to have a fully working system. so i'm happy with embedding the keyfile within the initramfs.

We'll migrate an existing MD software raid1 to an btrfs raid1 without adding extra disks. So better make backups of your data! I assume the raid members to be  and.

The whole procedure is straight forward but you have to double check a few things i'll mention later. Please carefully read the whole post and pay extra attention to grub2 and dracut.

Required packages
First add the required use flags for the packages. As i'm a lazy person :) i'll use genkernel-next to do the work even if i'll replace the initramfs with the dracut one.

Next unmask the packages (Please change the keyword as needed for your system). We'll use the latest available versions.

install the required packages

If this installs newer kernel sources, please change the symlink either using  or do it manually.