BlueBuild•5mo ago
Siegfried27

Encrypt Fedora Silverblue

Is there any way to encrypt the disk and ask for a password each time I turn on the PC?
18 Replies
Solution
Luke Skywunker•5mo ago
Yeah that needs to be done at OS install time. It's an option when you are creating your drive partitions in the Anaconda installer. You will generally see an acronym LUKS. That's the system used to encrypt your drive. Unfortunately, encrypting after the fact is incredibly difficult and honestly not worth it. You would be better off backing up your files to an encrypted external drive and completely re-installing Linux.
Luke Skywunker•5mo ago
Ublue has some just scripts in their images that will also allow you to set up Secure Boot (ujust enroll-secure-boot-key) and then set up a TPM lock (ujust setup-luks-tpm-unlock) which would allow your trusted hardware to unlock the drive for you. If you were to plug your boot drive into another PC, it would require your encryption password to unlock and mount it. You don't have to use that if you want to require a password. It's more of a convenience feature while securing your data at rest.
Siegfried27OP•5mo ago
Thank you so much
Aura•5mo ago
Beware of one thing, though. The password prompt that appears after you boot your encrypted partition is, by default, US layout, at least last time I checked. The only way to fix it is by running rpm-ostree initramfs --enable. This will make it so your updates are generally slower, but it will be enabled if you use ujust setup-luks-tpm-unlock as it's necessary. If you also want to use a FIDO2 key, I have a script that works for that as well.
Siegfried27OP•5mo ago
Oh, thank you, that is important info.
fiftydinar•5mo ago
Or, more efficiently, using initramfs-etc. rpm-ostree initramfs slows down updates very much.
fiftydinar•5mo ago
It's this command:
rpm-ostree initramfs-etc --track=/etc/vconsole.conf
I made a mistake with the 1st comment, so I edited it with the correct command. You can undo the changes here with:
rpm-ostree initramfs-etc --untrack=/etc/vconsole.conf
benoit_lx•5mo ago
I checked 1 hour ago and it's still in US layout (I didn't know that while typing my password 😅)
Siegfried27OP•5mo ago
Yes, however I think it is possible to select the layout in Anaconda.
Siegfried27OP•5mo ago
[Image attachment: no description]
Siegfried27OP•5mo ago
It would select the main keyboard layout at that time.
Siegfried27OP•5mo ago
[Image attachment: no description]
Aura•5mo ago
Oh hey! That's new! I'm glad the installer now tells you about it, and gives you a chance to set a "default"
benoit_lx•5mo ago
I was sure to have turned the layout to the French one exactly where you took your screenshot. Did it work for you?
Siegfried27OP•5mo ago
What do you mean?
benoit_lx•5mo ago
Even after selecting the French layout in Anaconda (for the LUKS pass), I believe the layout was still the US one. But I could be wrong since I don't remember exactly what happened.
Siegfried27OP•5mo ago
In my case I just changed the layout in Anaconda and the default layout for the passphrase changed.
benoit_lx•5mo ago
OK thanks, I should retry.