This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.
I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.
If your computer isn’t encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login
Benefits of Using LUKS with GRUB Enhanced Security
- Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
- Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.
Compatibility with GRUB
- Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
- Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.
Last time I had LUKS setup on my main laptop, there was a surprizingly sharp hit in performance.
I’m glad I have the option, but is it really the most appropriate thing for me to use right now? It just doesn’t make sense to talk about security and privacy without a clear threat model first.
What kind of CPU is in that laptop? The vast majority of x86 CPUs from the past 10 years include hardware acceleration for AES encryption so that the performance hit is negligible.
It’s a Thinkpad P51 with a Xeon chip of some sort. Yeah I don’t know what happened there, only that switching to fedora without full disk encryption has resulted in much greater performance, like a difference between being able to do some gaming or not. So many variable changed there that I don’t even know if the crypto had anything to do with it.
Sigh. It doesn’t impact performance. That had a had a higher chance of being the type of partition you created. Also, in the PRIVACY group are you really confused about why you want privacy?
The type of partition I created was Debian’s default settings at the time.
This is where the threat modeling comes in. The laptop in question is not currently likely to be physically searched - nor does it contain any data that is likely to put me at any risk if it is searched, and the more prudent things I can be doing to protect my privacy have more to do with getting away from Android/Play Store, and being less dependent on other surveillance-capitalism services like YouTube, Google Maps, etc.
I will likely use LUKS again in the future, but there are broader overhauls I need to make to my digital life first.
Look you don’t need to be searched or expecting a search. If someone steals your laptop you are covered SIGNIFICANTLY more if it’s encrypted which gives you privacy because they wouldn’t be able to see your data. Doesn’t matter if it’s a risk to you. It’s for the privacy. It’s the mindset not just the random act
Currently I have fragments of my data stored on at least half a dozen devices that I’ve accumulated over the years. My digital life is as messy as my adhd brain. I plan on setting up a NAS at some point, and will likely both consolidate all my data there and use LUKS. But until then encrypting one drive is the least of my problems.
Although anti-theft tech in my laptop might be kind of neat.