Installation questions (encryption/tpm/LVM)

Hi folks,

Recently I gave Manjaro a spin since like 2011? Loving the new KDE Plasma and all the improvements that have happened ever since. I guess my series of questions for you all are the following:

Is there a way to encrypt without unlocking through a password manually (think FileVault/BitLocker, which handle things for you automatically)? I know you can encrypt the partition, set the password and call it a day, but I'm looking more into TPM/full disk encryption, I guess.

How feasible is it these days to do full disk encryption with Manjaro without jumping through a lot of steps?

After installing it on my test laptop I didn’t really see an option to just “hey, fully encrypt your machine”.

Yes. LUKS not only supports passphrases, but keyfiles as well. You can have it automatically load the keyfile (to unlock the container) at boot time. For the system/root partition it’s done via mkinitcpio.conf, and for the remaining partition it’s done via crypttab.

Fairly straightforward now. The installer even has an option to do full disk encryption (but it will use the entire disk, so any data or OS currently stored on it will be irreversibly wiped.)

It’s one of the options in the Calamares installer. The checkbox is named “Encrypt system”.
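The keyfile setup described in the reply above leaves unlock material on disk, so its file permissions matter. The following is an added example, not part of the original thread: a POSIX shell check that lists the keyfiles referenced from a crypttab-format file and flags any that group or other users can access. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the thread). Source this file, then run:
#   audit_crypttab            # checks /etc/crypttab
#   audit_crypttab /some/path # checks another crypttab-format file

# Print "name keyfile" for every entry that unlocks with a keyfile.
# crypttab fields: <name> <device> <keyfile|none|-> <options>
# Entries keyed from /dev/* (e.g. random-keyed swap) are skipped.
crypttab_keyfiles() {
    awk '$1 !~ /^#/ && NF >= 3 && $3 != "none" && $3 != "-" && $3 !~ /^\/dev\// {
        print $1, $3
    }' "$1"
}

# Succeed only for a regular file with no group/other permission bits.
keyfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Report each keyfile; exit status 0 if all are private, 1 if any is
# readable beyond its owner or missing, 2 if the crypttab is unreadable.
audit_crypttab() {
    tab=${1:-/etc/crypttab}
    [ -r "$tab" ] || { echo "cannot read $tab" >&2; return 2; }
    crypttab_keyfiles "$tab" | {
        bad=0
        while read -r name keyfile; do
            if keyfile_is_private "$keyfile"; then
                echo "ok   $name $keyfile"
            else
                echo "WEAK $name $keyfile"
                bad=1
            fi
        done
        [ "$bad" -eq 0 ]
    }
}
```

A keyfile embedded in the initramfs deserves the same check on the generated image, since anyone who can read the image can extract the key.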

I missed that (last step). That’s exactly what I want. I’m guessing by system it also means /home partition included (if manually done). I guess I have questions now regarding using LVM and how it would work if I added another drive but well I’m sure I can find out the quickest path.

I’m thinking of adding another drive to keep those things separated. Would I have to disable Secure Boot (using it with current Windows 11)? I’m guessing that the installed GRUB will auto-detect Windows on the other drive but won’t tamper with it, and then it is just a tiny change in the BIOS to change the boot order? (just laying it out now that I have been given some hope on this)

You have to re-enable the “os-prober” in Grub’s default settings (it’s disabled by default.) Grub will then detect other EFI boot loaders, even on a different drive, even of another OS.

Or if you don’t want to bother, you can also just hold down F10 to select the boot device. (Some computers use a different hotkey.) It works for dual-booting, just without a fancy themed Grub menu.
