Encrypt fedora silverblue

Is there any way to encrypt the disk and ask for a password each time I turn on the pc?

Solution

Yeah that needs to be done at OS install time. It's an option when you are creating your drive partitions in the Anaconda installer. You will generally see an acronym LUKS. That's the system used to encrypt your drive. Unfortunately, encrypting after the fact is incredibly difficult and honestly not worth it. You would be better off backing up your files to an encrypted external drive and completely re-installing Linux.

Jump to solution

Solution

Luke Skywunker•7/27/24, 8:03 PM

Luke Skywunker•7/27/24, 8:07 PM

Ublue has some just scripts in their images that will also allow you to setup Secure Boot () and then setup a TPM lock () which would allow your trusted hardware to unlock the drive for you. If you were to plug your boot drive into another PC, it would require your encryption password to unlock and mount it.

Luke Skywunker•7/27/24, 8:08 PM

You don't have to use that if you want to require a password. It's more of a convenience feature while securing your data at rest.

Siegfried27OP•7/27/24, 9:10 PM

Thank you so much

Aura•7/27/24, 10:49 PM

Beware of one thing, though. The password prompt that appears after you boot your encrypted partition is, by default, US layout, at least last time I checked.

The only way to fix it is by running . This will make it so your updates are generally slower, but it will be enabled if you use as it's necessary. If you also want to use a FIDO2 key, I have a script that works for that as well.

Siegfried27OP•7/28/24, 12:42 AM

oh thank you that is a important info

AAura Beware of one thing, though. The password prompt that appears after you boot you...

fiftydinar•7/28/24, 7:11 AM

or more efficiently, using

fiftydinar•7/28/24, 7:11 AM

slows down updates very much

Ffiftydinar or more efficiently, using `initramfs-etc`

fiftydinar•7/28/24, 10:03 AM

It's this command:

fiftydinar•7/28/24, 10:03 AM

fiftydinar•7/28/24, 10:08 AM

I made a mistake with the 1st comment, so I edited it with correct command

fiftydinar•7/28/24, 10:08 AM

You can undone changes here with:

AAura Beware of one thing, though. The password prompt that appears after you boot you...

benoit_lx•7/28/24, 2:39 PM

I checked 1 hour ago and it's still in US layout (I didn't know that while typing my password

)

Siegfried27OP•7/28/24, 2:54 PM

yes, however i think it is possible to select layout on anaconda

Siegfried27OP•7/28/24, 2:56 PM

Siegfried27OP•7/28/24, 2:57 PM

it would select the main keyboard layouy at that time

Siegfried27OP•7/28/24, 2:58 PM

SSiegfried27 Click to see attachment

Aura•7/28/24, 6:21 PM

Oh hey! That's new!

Aura•7/28/24, 6:21 PM

I'm glad the installer now tells you about it, and gives you a chance to set a "default"

SSiegfried27 yes, however i think it is possible to select layout on anaconda

benoit_lx•7/28/24, 7:32 PM

I was sure to have turned the layout to the french one exactly where you did your screen, did it worked for you ?

Siegfried27OP•7/28/24, 9:03 PM

what do you mean

benoit_lx•7/28/24, 9:24 PM

Even after selecting the french layout on anaconda (for the luks pass), I believe the layout was still the US one. But I could be wrong since I don't remember exactly what happened

Siegfried27OP•7/28/24, 10:10 PM

In my case I just change the layout on anaconda and the default layout for the passphrase changed

benoit_lx•7/29/24, 9:41 AM

ok thanks, I should retry