Encrypt fedora silverblue
Is there any way to encrypt the disk and ask for a password each time I turn on the pc?
Solution:Jump to solution
Yeah that needs to be done at OS install time. It's an option when you are creating your drive partitions in the Anaconda installer. You will generally see an acronym LUKS. That's the system used to encrypt your drive. Unfortunately, encrypting after the fact is incredibly difficult and honestly not worth it. You would be better off backing up your files to an encrypted external drive and completely re-installing Linux.
18 Replies
Solution
Yeah that needs to be done at OS install time. It's an option when you are creating your drive partitions in the Anaconda installer. You will generally see an acronym LUKS. That's the system used to encrypt your drive. Unfortunately, encrypting after the fact is incredibly difficult and honestly not worth it. You would be better off backing up your files to an encrypted external drive and completely re-installing Linux.
Ublue has some just scripts in their images that will also allow you to setup Secure Boot (
ujust enroll-secure-boot-key) and then setup a TPM lock (ujust setup-luks-tpm-unlock) which would allow your trusted hardware to unlock the drive for you. If you were to plug your boot drive into another PC, it would require your encryption password to unlock and mount it.
You don't have to use that if you want to require a password. It's more of a convenience feature while securing your data at rest.Thank you so much
Beware of one thing, though. The password prompt that appears after you boot your encrypted partition is, by default, US layout, at least last time I checked.
The only way to fix it is by running
rpm-ostree initramfs --enable. This will make it so your updates are generally slower, but it will be enabled if you use ujust setup-luks-tpm-unlock as it's necessary. If you also want to use a FIDO2 key, I have a script that works for that as well.oh thank you that is a important info
or more efficiently, using
initramfs-etc
rpm-ostree initramfs slows down updates very muchIt's this command:
I made a mistake with the 1st comment, so I edited it with correct command
You can undone changes here with:
I checked 1 hour ago and it's still in US layout (I didn't know that while typing my password 😅)
yes, however i think it is possible to select layout on anaconda
it would select the main keyboard layouy at that time
Oh hey! That's new!
I'm glad the installer now tells you about it, and gives you a chance to set a "default"
I was sure to have turned the layout to the french one exactly where you did your screen, did it worked for you ?
what do you mean
Even after selecting the french layout on anaconda (for the luks pass), I believe the layout was still the US one. But I could be wrong since I don't remember exactly what happened
In my case I just change the layout on anaconda and the default layout for the passphrase changed
ok thanks, I should retry