===== What? =====
I found myself on a national holiday, with Fedora32 released, and wanting to upgrade my Fedora31 system. fedup has not failed for me in years, but I want a safety net. I have a single stick around, so let's
  * setup it to boot a Fedora32, for emergencies
  * and use the other part of the stick for backup of my homedir
  * that backup should be encrypted, and also be able to detect bit rot

===== Setup steps, Fedora 33 =====
<code>
# Connect the stick, find out which device it got:
[root@電脳 ~]# cat /proc/partitions 
major minor  #blocks  name

 259        0  250059096 nvme0n1
 259        1     266240 nvme0n1p1
 259        2    1048576 nvme0n1p2
 259        3  248743239 nvme0n1p3
 253        0  240930816 dm-0
 253        1    7811072 dm-1
 253        2  240928768 dm-2
 253        3    7809024 dm-3
   8        0   60063744 sda  <---- 
[root@電脳 ~]# 

### install tools
dnf -y install pv cryptsetup rsync

### Fetch Fedora iso, and directly write it. Takes 2:22min for me. 
URL="http://ftp.jaist.ac.jp/pub/Linux/Fedora/releases/33/Server/x86_64/iso/Fedora-Server-dvd-x86_64-33-1.2.iso"
URL="https://download.fedoraproject.org/pub/fedora/linux/releases/33/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-33-1.2.iso"

wget -O - $URL | pv >/dev/sda

### Switch to unit "GB", create a new partition from
### offset 5GB until the end of the usb-stick
parted /dev/sda
(parted) u
Unit?  [compact]? GB      
(parted) mkpart
Partition type?  primary/extended? p                                      
File system type?  [ext2]?                                                
Start? 5GB                                                                
End? -1                                                                   
(parted) p                                                                
Model: SanDisk Ultra (scsi)
Disk /dev/sda: 61.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags: 

Number  Start   End     Size    Type     File system  Flags
 2      0.00GB  0.01GB  0.01GB  primary  fat16        esp
 1      5.00GB  60.5GB  55.5GB  primary  ext2         lba

(parted) quit

### Now let's create LUKS+dm-integrity layer
cryptsetup luksFormat --type luks2 /dev/sda1 \
  --integrity hmac-sha256 --cipher aes-xts-plain64 -v
cryptsetup open /dev/sda1 luksusb
cryptsetup status luksusb
mkfs.xfs /dev/mapper/luksusb
mount /dev/mapper/luksusb /mnt/usbbackup
</code>

===== Actual backup =====
Opening the encrypted device now, doing the backup, and closing. This has to be done each time we want to backup, but the subsequent runs are quicker as only changes are transferred.
<code>
sudo cryptsetup luksOpen /dev/sda4 usbbackup
sudo mount /dev/mapper/usbbackup /mnt/usbbackup

rsync -arv \
        --delete \
        --exclude='Downloads/' \
        --exclude='.wine/' \
        --exclude='.cache/' \
        --exclude='.openra/' \
        --exclude='.local/share/Steam/' \
        /home/chris \
        /mnt/usbbackup/

sudo umount /mnt/usbbackup
sudo cryptsetup luksClose luksusb
</code>

Then you can reboot, and test out the system boots from the usbstick.