Dear all! It’s my first topic here, so please dont go hard on me.
I want to install manjaro on my Dell g5 5590 laptop (i5-9300H) on a primary drive (toshiba 500gb nvme) [i have a win10 installed on secondary drive and i use bitlocker there]. Because its a laptop, i would like an encryption to protect my data.
I have an option to set bios password and “hdd-0 password” (well, primary drive) in bios and i dont really know how that encryption works and if its reliable and fast.
Other option is to use a rather great guide on manjaro forum “encrypted-manjaro-installation-using-manjaro-architect” and employ LUKS which is probably reliable and fast enough (?)
So, what do i chose and why? Thanks for your help. I hope i posted in the right part of the forum. If not- please point me in the right direction.
The bios password doesn’t encrypt the HD it just ask a password. When you use USB manjaro with the “normal or easy install”, you can create partition manually and you will find the option for encryption (luks).
i am well aware bios pwd doesnt encrypt the drive. but i can set bios password and drive password in bios. i dont know what technology is used to encrypt drive in that case and if its better or not than using luks. Hence my original question.
Didn’t know i could use luks in the gui installer, was thinking going with architect and the guide for that. I guess, gui is easier, thanks.
It depends who you want to protect yourself from:
- A drive password can be removed by the manufacturer
- A LUKS password cannot be removed
at allwithout knowing the original password and lots of free disk space
So:
-
if you’re trying to protect from someone stealing your laptop and you are the registered owner of the laptop, drive password is good enough, but it does not protect you from a malicious state actor
-
If you’re trying to protect your personal data, but not your OS, GUI Home directory encryption is good enough.
-
If you want everything protected, you need Data-at-rest-encryption
The higher the security, the higher your responsibility, so forgetting a Data-at-rest password means:
Say goodbye to all of your data!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.