Thanks my dude! You saved me after like 5hrs of nonesense lol. I tried many options but ended up going back to LUKS and was doing 1 thing wrong during the resize, and this helped! 👍
Ahh, glad you asked! Encryption scrambles your data, requiring a secret "key" to unscramble, so that no one else can read it. With this setup, when you boot into your Linux, before the OS can load, you will be prompted to enter your encryption passphrase (which you set on installation). This is particularly useful on laptops, which can easily be stolen.
@@DrewHowdenTech yep I think that also make your work and laptop more secure also it saves it on the tpm that's why windows 11 has tpm 2.0 req so I did know what it is more or less
Tho the problem with tpm 2.0 is if you laptop or pc breaks by the mother board that it was in it can make it hard to access your data I have this problem before so I had the pass word for the drive but it never work
Even with a Kensington lock, I'm sure someone with bolt cutters could cut it in a few seconds. And since most laptops are made out of cheap plastic, I imagine that if someone were to pull with enough force, it would probably break away.
Very interesting... Nice demo! I was looking for an on-metal dual boot solution as I have Windows on a secondary SSD ecrypted with BitLocker. I intend on using FDE on the primary SSD to include the linux boot partition also, for snapshotting. I wonder if the prober will work in this scenario. So, two physical drives; first partitioned with EFI + LUKS2 (Boot/Root); second partitioned as default with Bitlocker. Some observations also (if it helps); - I do think `open` works just the same as the older alias `luksOpen`. - For clearing the terminal screen; CTRL+L should do the same without clearing the buffer completely - sometimes you need to refer back.
@@DrewHowdenTech I see. It's worth researching. I haven't got around to it but I think that what the os prober does under the hood is scan all partitions for an efi/boot signature and then if found loads it in. Assuming this theory, it would work, like as if you run `lsblk`
@@DrewHowdenTech how much storage should I make the partition for linux I have 237GIB of NVME strorage and 92GIB used by windows Is a 80gb partition fine for Linux as a secondary OS
That really depends on your needs. What do you plan to do with this Linux installation? Based on what you said, it sounds like you have 145 GiB available for Linux.
@@DrewHowdenTech yes but I want space for windows as well what do you think will be a good Amount of data for each OS Also for linux is it the same amount of cpu usage as it normally would be when you use the try option
is this achievable? can you make a video about that? GRUB2; LUKS2 encrypted Brtfs BOOT; LUKS2 encrypted Brtfs ROOT; LUKS2 encrypted SWAP; running alongside Bitlocker encrypted Windows 11 supported; Default Wayland; GNOME desktop environment; .deb packages supported; AppArmor installed and pre-configured; No Snapd; No Firefox;
I don’t know of a way to have an encrypted boot partition on Linux, but you can definitely have Btrfs root and swap partitions on an encrypted LVM. And yes, you can set up BitLocker after installing Windows. That won’t affect the Linux side of things.
LUKS is one of worst encryption tools I had ever seen because it has a file length limit and I nearly lost many of the files after the migration and encryption process. Luckily, I have a backup of the Home folder in my external hard disk and am able to restore back my data. Using tools like Timeshift to backup Home will not work properly and hence be alerted. My question is: on the whole disk, only a few files are secret, so why do we need to encrypt the whole disk? I would rather encrypt them using VeraCrypt and the tool so far so good.
To clarify, LUKS does not impose a filename length limit, the file system does (for ext4, the limit for filenames is 255 characters). Also, how did you “migrate” your data to an LUKS volume? Since a partition has to be completely reformatted as an LUKS volume. Not quite sure how only some of your files were lost. As for your question “why do we need to encrypt the whole disk?” Great question! Sometimes applications will cache data in the /tmp directory (OUTSIDE your home directory), and these files could contain confidential information. In addition, if you are manually picking and choosing which files to encrypt, you run the risk of missing a file containing confidential information, leaving it unencrypted. Do you need more ways confidential data can escape encryption? By encrypting the whole disk, we avoid this. That’s why technicians (like myself) recommend full disk encryption.
Thanks my dude! You saved me after like 5hrs of nonesense lol. I tried many options but ended up going back to LUKS and was doing 1 thing wrong during the resize, and this helped! 👍
Thanks! It was helpful ...
Thank you so much!
what does disk Encryption do and what are the benafits
Ahh, glad you asked! Encryption scrambles your data, requiring a secret "key" to unscramble, so that no one else can read it.
With this setup, when you boot into your Linux, before the OS can load, you will be prompted to enter your encryption passphrase (which you set on installation).
This is particularly useful on laptops, which can easily be stolen.
@@DrewHowdenTech ok I think im fine without it because I have a Kensington lock
@@DrewHowdenTech yep I think that also make your work and laptop more secure also it saves it on the tpm that's why windows 11 has tpm 2.0 req so I did know what it is more or less
Tho the problem with tpm 2.0 is if you laptop or pc breaks by the mother board that it was in it can make it hard to access your data I have this problem before so I had the pass word for the drive but it never work
Even with a Kensington lock, I'm sure someone with bolt cutters could cut it in a few seconds. And since most laptops are made out of cheap plastic, I imagine that if someone were to pull with enough force, it would probably break away.
Very interesting... Nice demo!
I was looking for an on-metal dual boot solution as I have Windows on a secondary SSD ecrypted with BitLocker. I intend on using FDE on the primary SSD to include the linux boot partition also, for snapshotting. I wonder if the prober will work in this scenario. So, two physical drives; first partitioned with EFI + LUKS2 (Boot/Root); second partitioned as default with Bitlocker.
Some observations also (if it helps);
- I do think `open` works just the same as the older alias `luksOpen`.
- For clearing the terminal screen; CTRL+L should do the same without clearing the buffer completely - sometimes you need to refer back.
I've never tried os-prober with multiple drives, so I don't know if it will detect operating systems on other drives.
@@DrewHowdenTech I see. It's worth researching. I haven't got around to it but I think that what the os prober does under the hood is scan all partitions for an efi/boot signature and then if found loads it in. Assuming this theory, it would work, like as if you run `lsblk`
Does anyone with this setup encrypt the windows as well? How do you do that? Veracrypt?
You can use BitLocker to encrypt your Windows partition.
i am using windows and linux dual boot so i gett better perfromence in certian games what must put for allocated storage still never install ubuntu
Sorry what are you asking?
@@DrewHowdenTech how much storage should I make the partition for linux I have 237GIB of NVME strorage and 92GIB used by windows Is a 80gb partition fine for Linux as a secondary OS
That really depends on your needs. What do you plan to do with this Linux installation?
Based on what you said, it sounds like you have 145 GiB available for Linux.
@@DrewHowdenTech yes but I want space for windows as well what do you think will be a good
Amount of data for each OS
Also for linux is it the same amount of cpu usage as it normally would be when you use the try option
@@DrewHowdenTech also 145 is free on the disk rn
Hey. Thanks for guidance.
Is the same way to install two linux systems, when both are encrypted?
Not that I know of. Sorry. :(
is this achievable? can you make a video about that?
GRUB2;
LUKS2 encrypted Brtfs BOOT;
LUKS2 encrypted Brtfs ROOT;
LUKS2 encrypted SWAP;
running alongside Bitlocker encrypted Windows 11 supported;
Default Wayland;
GNOME desktop environment;
.deb packages supported;
AppArmor installed and pre-configured;
No Snapd;
No Firefox;
I don’t know of a way to have an encrypted boot partition on Linux, but you can definitely have Btrfs root and swap partitions on an encrypted LVM.
And yes, you can set up BitLocker after installing Windows. That won’t affect the Linux side of things.
would have bought membership but rn i cant realy affored it but would love to be a member
After that, my password started showing as incorrect and I couldn't log in anymore, now it's perfect 😢
This is perfect. Thanks a ton. You should make a vid of windows wiping grub and how to reinstall grub
I actually already made a couple videos covering that.
LUKS is one of worst encryption tools I had ever seen because it has a file length limit and I nearly lost many of the files after the migration and encryption process. Luckily, I have a backup of the Home folder in my external hard disk and am able to restore back my data. Using tools like Timeshift to backup Home will not work properly and hence be alerted. My question is: on the whole disk, only a few files are secret, so why do we need to encrypt the whole disk? I would rather encrypt them using VeraCrypt and the tool so far so good.
To clarify, LUKS does not impose a filename length limit, the file system does (for ext4, the limit for filenames is 255 characters).
Also, how did you “migrate” your data to an LUKS volume? Since a partition has to be completely reformatted as an LUKS volume. Not quite sure how only some of your files were lost.
As for your question “why do we need to encrypt the whole disk?” Great question! Sometimes applications will cache data in the /tmp directory (OUTSIDE your home directory), and these files could contain confidential information. In addition, if you are manually picking and choosing which files to encrypt, you run the risk of missing a file containing confidential information, leaving it unencrypted. Do you need more ways confidential data can escape encryption? By encrypting the whole disk, we avoid this. That’s why technicians (like myself) recommend full disk encryption.
Rock on Drew!!
thanks
i was just about to dual boot
but i wont be doing disk Encryption
Thank you very much