This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.
I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.
If your computer isn’t encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login
Benefits of Using LUKS with GRUB Enhanced Security
- Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
- Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.
Compatibility with GRUB
- Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
- Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 113 users / day
- 519 users / week
- 1.44K users / month
- 4.49K users / 6 months
- 1 subscriber
- 4.31K Posts
- 109K Comments
- Modlog
arch linux was what forced me to use LUKS on all of my installs regardless of distros, btw.
i used the standard layout:/boot, /, /home, swap. So when the installs break, the best way to fix is to use the archiso and remount and re arch-chroot.
Well… i found out that without LUKS, anybody can use any distros live cd and mount my stuff.
At first, I used LUKs only on the main partitions: so / and /home, or just / if no separate /home. Swap remains unencrypted. Boot is also unencrypted.
You could encrypt those too but need more work and hackery stuff:
encrypted boot: can be slow if you boot the compututer from cold. There’s also this thing where you need to enter the password twice => think Fedora has an article to get around this. Iirc, it involves storing the boot’s encrypted password as a key deep within the root directory.
encrypted swap: the tricky thing is to use this with hibernation. I managed to get it to work once but with Zram stuff, I dont use hibernation anymore. It involved writing the correct arguments in the /boot/grub/grub.cfg. Basically tells the bootloader to hibernate and resume from hibernation with the correct UUID.