wiki[dot]archlinux[dot]org/title/dm-crypt/Encrypting_an_entire_system Which guide do I follow here if I want to have the same type of boot encryption that ubuntu sets up during its install (i.e. the not horrifically slow one)? From testing in a VM it seems the graphical installer still uses the older style?
Separate /boot partition and/or use systemd-boot.
Keep in mind that using systemd-boot requires you to manually (or using a script and/or helper hook) update the menu in your EFI system partition, where the Linux kernel and initramfs live.
Otherwise, you can still use Grub, but have the boot files, menu, and kernel live on a plain (non-encrypted) separate /boot partition. Which is how Ubuntu used to (and still does?) do it.
To answer your question directly, it’s the section titled LUKS on a partition.
1 Like