Question about luks reliability (additional bugs?) and data protection against Windows and SSD Partitioning

In the next year i want to update my Mainboard/CPU and replace some SSD’s on my PC and i asked myself how i could setup my drives and my partitions for a optimal OS stability and data protection when i load in Win10 for Gaming/VR Gaming.

I read a few people reported issues with dual boot and this lead me to buying a external usb drive for Linux/Manjaro, i also though it would be the best way to keep my data protected (unplugged) from Windows but a guy in this forum told me its not recommended and not official support to use a external Linux Bootdrive.

  1. I don’t know if my files under Linux are protected in Win10 and possible malware and hackers or facebook (because i want to use Oculus Home, that includes alot spytelemetrie), are my Linux files save on a ext4 partition, or will Windows10 have access to this partition?

  2. Will be Luks the only safe way to protect my internal linux ext4 partitions under win10? Will i get additional boot issues in future when i’m using luks? I’m also thinking to disable my Linux drive in Windows Device Manager, but im unsure if this is really the right key, because i could use the Linux drive for games in windows.

  3. Optional Question: How should i install my future PC System when i have 1x NVMe SSD and 1x Sata SSD. At the moment i’m thinking about installing Linux on the NVMe SSD with my VR Games on a seperate partition on the NVMe and my Sata SSD with Windows 10 and Flatscreen Games also on a secondary partition. I think that gives the optimal performance for gaming but i read its a best way to disconnect my other drives when install/reinstall Win10 because it messed around with the other drives (possible random installing boot partition or even replacing Partition Tables from Grub?). Can anyone confirm this problems, i also don’t know how if there is a way to disable the NVMe drive in other Bioses (newer Biosversions) because there is no way to disable this NVMe drives in my Gigabyte Z-170 Mainboard and its takes to much time to unplug it, because its hidden under the CPU Cooler.

I know there are alot of questions but i hope you guys can give me advise how to setup my PC/future PC the right way.

Thanks in advance :slight_smile:

Out-of-the-box, Microsoft Windows cannot read any of the Linux-native filesystems. There are several freely downloadable Windows drivers and utilities for reading an ext4 filesystem, but as far as Microsoft is concerned, that is third-party software that you must install yourself, and I also do not know whether similar drivers and utilities exist for filesystems such as xfs, btrfs, jfs, reiserfs, et al.

However, what you do have to keep in mind is that if you were to run Wine on your GNU/Linux system, then any Windows malware that you could be running inside of a Wine session will have access to your entire home directory ─ not beyond, because it wouldn’t have the right permissions.

Luks doesn’t have anything to do with protection against Windows or malware. Luks only offers protection against data theft in the event that your computer is stolen. Therefore, it is almost by definition useless on a desktop workstation, although it’s pretty useful on laptops that you take out on the road with you.

Once a Luks-encrypted volume is unlocked, the system can read from and write to it according to the regularly applicable permissions, and so it would offer no protection at all against any malware or other misbehaving software.

I’ve never used Luks, but many people here seem to be having problems with it, albeit that those problems are probably caused by a malfunction in the biological unit between the keyboard and the chair. :wink:

Disconnecting the drive is pointless.

The speed of the drives doesn’t really matter much beyond booting. The Linux kernel uses aggressive caching, and so most read operations will be directed toward the cache in RAM, rather than toward the drive.

The simplest thing to do would be to install Microsoft Windows first and install Manjaro after that. Then you won’t have to disconnect anything, and Windows won’t be screwing up the boot loader ─ albeit that a Windows update could still be doing that at some later point, according to what I hear.

Myself, I don’t use Microsoft Windows and I have no need for it, but your mileage may vary. :wink:

4 Likes

Thanks for your long reply, i appreciate this.

Possible you missed my point or maybe i miss something here (related how luks exactly works in every little detail). But from my understanding, Sample: When i boot into Win10 on drive number1 my Linux drive number2 would be still locked and stay encrypted with luks and its not possible (atleast with my encryption password and the additional drivers what you suggested) to have access to my Linux files
under Windows10.

Im aware that when i have open my Linux encrypted volumen open/booten up, that my files could be read by a hacker but how will a hacker or telemetrie have access to it, when im boot into Windows10 (without a Virtuelle Machine of course… but till today i don’t use a VM or even Wine)?

Then there is still no point in using LUKS, because Microsoft Windows cannot read GNU/Linux filesystems. In other words, with or without encryprion, Windows has no access to your GNU/Linux partitions. :wink:

2 Likes

I’ve marked this answer as the solution to your question as it is by far the best answer you’ll get.

However, if you disagree with my choice, please feel free to take any other answer as the solution to your question or even remove the solution altogether: You are in control! (If you disagree with my choice, just send me a personal message and explain why I shouldn’t have done this or :heart: or :+1: if you agree)

:innocent:
P.S. In the future, please don’t forget to come back and click the 3 dots below the answer to mark a solution like this below the answer that helped you most:
Solution
so that the next person that has the exact same problem you just had will benefit from your post as well as your question will now be in the “solved” status.