My arch install took some setup to get it specifically right for me, still trying to figure out the final touches. I have the entire thing encrypted and under btrfs sub-partitions. I set up secure boot as well and added it to my tpm. Last thing I got to do is set it up so it automatically decrypts on boot without a password. I’ve been liking this setup over my Fedora setup. I have to worry about smaller breakage every so often, but with Fedora I had to worry about big breakage every major version. Moving most of what I can to flatpak mitigated a lot of that though. I’m too lazy to replicate my arch setup on my laptop so that’s just sticking with Fedora until I decide it should run something else.
Sorry if this is a stupid question, and maybe it’s because I’m not understanding exactly what you’re saying, but what’s the benefit of encrypting if it decrypts on boot without a password?
Just to prevent someone who boots another OS on your device from being able to access your files? Something else?
Because changing any hardware will flip the tpm and require a password. If they stole the hard drive, it’d be encrypted. Basically I’m protecting on if they rip out the harddrive lol.
My arch install took some setup to get it specifically right for me, still trying to figure out the final touches. I have the entire thing encrypted and under btrfs sub-partitions. I set up secure boot as well and added it to my tpm. Last thing I got to do is set it up so it automatically decrypts on boot without a password. I’ve been liking this setup over my Fedora setup. I have to worry about smaller breakage every so often, but with Fedora I had to worry about big breakage every major version. Moving most of what I can to flatpak mitigated a lot of that though. I’m too lazy to replicate my arch setup on my laptop so that’s just sticking with Fedora until I decide it should run something else.
Sorry if this is a stupid question, and maybe it’s because I’m not understanding exactly what you’re saying, but what’s the benefit of encrypting if it decrypts on boot without a password?
Just to prevent someone who boots another OS on your device from being able to access your files? Something else?
Because changing any hardware will flip the tpm and require a password. If they stole the hard drive, it’d be encrypted. Basically I’m protecting on if they rip out the harddrive lol.