• 👁️👄👁️@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      My arch install took some setup to get it specifically right for me, still trying to figure out the final touches. I have the entire thing encrypted and under btrfs sub-partitions. I set up secure boot as well and added it to my tpm. Last thing I got to do is set it up so it automatically decrypts on boot without a password. I’ve been liking this setup over my Fedora setup. I have to worry about smaller breakage every so often, but with Fedora I had to worry about big breakage every major version. Moving most of what I can to flatpak mitigated a lot of that though. I’m too lazy to replicate my arch setup on my laptop so that’s just sticking with Fedora until I decide it should run something else.

      • effward@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Sorry if this is a stupid question, and maybe it’s because I’m not understanding exactly what you’re saying, but what’s the benefit of encrypting if it decrypts on boot without a password?

        Just to prevent someone who boots another OS on your device from being able to access your files? Something else?

        • 👁️👄👁️@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Because changing any hardware will flip the tpm and require a password. If they stole the hard drive, it’d be encrypted. Basically I’m protecting on if they rip out the harddrive lol.