Disk Encryption #38

Open
heywoodlh opened this issue Aug 24, 2022 · 5 comments
@heywoodlh
Contributor

heywoodlh commented Aug 24, 2022

LUKS disk encryption would be a nice-to-have option with the installer. However, I can understand this potentially not being an option as the installer has to play nicely with the existing APFS filesystem.

Perhaps systemd-homed using LUKS as the storage mechanism could be considered as a compromise as the user's home directory (perhaps the most relevant part of the filesystem to keep private) would be LUKS encrypted. It wouldn't be full-disk encryption, but still could get some of the way there for users hoping to have an additional layer of security. However, I could understand this being undesired as it can introduce some complexity and unforeseen complications.

P.S. thanks for all the work that's gone into Asahi. It's so well thought out and I appreciate how polished it is despite being in Alpha. I can't wait for the finished product.

EDIT:

I want to add that for users who want to convert their existing user's home directory to systemd-homed, there is a migration guide.

However, there are some constraints on the partition that need to be met for systemd-homed to work with LUKS as the storage mechanism. I'm not sure if the way the partitions are set up in the installer would meet the requirements. I'm just adding this because I'm not sure if these constraints would invalidate the ability to use systemd-homed with Asahi's installer.

@b-crumb

b-crumb commented Nov 1, 2022

I would like to add on to this that I have for now written a relatively OK bunch of notes which should be sufficient to explain to anyone how to set up LUKS... this could be added to the wiki.

https://github.com/b-crumb/asahi-luks-notes/blob/main/ASAHILUKS.md

@davidalger

davidalger commented Feb 27, 2023

For those using an Asahi Fedora remix, I posted a how-to on my blog covering the entire process of install, LUKS encryption, configure grub, rebuild initramfs, etc.

https://davidalger.com/posts/asahi-fedora-workstation-on-apple-silicon-with-luks-encrypted-root/

TL;DR: The LUKS encryption part itself is done in-place while booted from a Fedora USB drive, allowing the Fedora root partition to remain unmounted:

  1. Shrink the btrfs filesystem by 32 MiB

  2. Encrypt in-place using cryptsetup

    cryptsetup reencrypt --encrypt --reduce-device-size 32M /dev/nvme0n1pX
    
  3. Add the volume to /etc/crypttab

  4. Update grub config adding rd.luks.uuid=LUKS_UUID to GRUB_CMDLINE_LINUX and rebuild initramfs using dracut in a chroot.
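
A consistency check for steps 3 and 4 above, as an added example that is not part of the original comment or of the linked how-to: it confirms that every `rd.luks.uuid=` value in `GRUB_CMDLINE_LINUX` has a matching `UUID=` entry in the crypttab before you reboot. The function names, the file paths passed as arguments, and the sample UUIDs are assumptions made for this demo; it also assumes the full UUID is written out in both files.

```shell
#!/bin/sh
# Added example: verify crypttab and grub kernel command line agree on the LUKS UUID.
# Files are passed as arguments so the check can run against a chroot or copies.

# Print the UUIDs referenced as UUID=... in field 2 of a crypttab file.
crypttab_uuids() {
    awk '$1 !~ /^#/ && $2 ~ /^UUID=/ { sub(/^UUID=/, "", $2); print tolower($2) }' "$1"
}

# Print the rd.luks.uuid= values found in GRUB_CMDLINE_LINUX of a grub defaults file.
# dracut accepts a leading "luks-" on the value, so strip it before comparing.
grub_luks_uuids() {
    grep '^GRUB_CMDLINE_LINUX=' "$1" | tr ' "' '\n\n' |
        sed -n 's/^rd\.luks\.uuid=\(luks-\)\{0,1\}//p' | tr 'A-Z' 'a-z'
}

# Return 0 only if at least one rd.luks.uuid is set and each has a crypttab entry.
check_luks_config() {
    crypttab=$1 grub=$2 found=0
    for uuid in $(grub_luks_uuids "$grub"); do
        found=1
        if ! crypttab_uuids "$crypttab" | grep -qxF "$uuid"; then
            echo "rd.luks.uuid=$uuid has no UUID= entry in $crypttab" >&2
            return 1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no rd.luks.uuid in $grub" >&2; return 1; }
}

# Constructed sample files (the UUIDs are made up for this demo).
demo_dir=$(mktemp -d)
cat > "$demo_dir/crypttab" <<'EOF'
# name  device  keyfile  options
luks-root UUID=0f3a6c1e-1111-2222-3333-444455556666 none discard
EOF
cat > "$demo_dir/grub.ok" <<'EOF'
GRUB_CMDLINE_LINUX="rhgb quiet rd.luks.uuid=luks-0f3a6c1e-1111-2222-3333-444455556666"
EOF
cat > "$demo_dir/grub.bad" <<'EOF'
GRUB_CMDLINE_LINUX="rhgb quiet rd.luks.uuid=deadbeef-0000-0000-0000-000000000000"
EOF
check_luks_config "$demo_dir/crypttab" "$demo_dir/grub.ok" && echo "ok: grub.ok matches crypttab"
check_luks_config "$demo_dir/crypttab" "$demo_dir/grub.bad" 2>/dev/null || echo "mismatch detected in grub.bad"
```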

@iMonZ

iMonZ commented Oct 22, 2024

I am not sure but I think this was added to the installer. Can someone confirm this please?

@davide125
Member

Encryption is not supported in the installer at the moment. There is an old WIP branch at AsahiLinux/asahi-installer#240

@davide125 davide125 marked this as a duplicate of #81 Feb 17, 2025
@cortadocodes

cortadocodes commented Feb 18, 2025

I'd love to switch to Asahi Linux but full-disk encryption is a basic security requirement for many workplaces. macOS, Windows, and most phones have this available as standard. I love the work you've done but I'm not sure I can switch if this isn't implemented - I think it's a must-have, not a nice-to-have. Is there a timeframe on AsahiLinux/asahi-installer#240 and is it implementing full-disk or just home directory?
