My arch install took some setup to get it specifically right for me, still trying to figure out the final touches. I have the entire thing encrypted and under btrfs sub-partitions. I set up secure boot as well and added it to my tpm. Last thing I got to do is set it up so it automatically decrypts on boot without a password. I’ve been liking this setup over my Fedora setup. I have to worry about smaller breakage every so often, but with Fedora I had to worry about big breakage every major version. Moving most of what I can to flatpak mitigated a lot of that though. I’m too lazy to replicate my arch setup on my laptop so that’s just sticking with Fedora until I decide it should run something else.
Sorry if this is a stupid question, and maybe it’s because I’m not understanding exactly what you’re saying, but what’s the benefit of encrypting if it decrypts on boot without a password?
Just to prevent someone who boots another OS on your device from being able to access your files? Something else?
Because changing any hardware will flip the tpm and require a password. If they stole the hard drive, it’d be encrypted. Basically I’m protecting on if they rip out the harddrive lol.
Arch has been more of a “just works” distro for me than OpenSUSE Tumbleweed, Debian and Fedora.
Arch Installation nowadays goes like this:
iwctl device list station *device* scan station *device* get-networks station *device* connect *SSID* archinstall
And you only need the first 5 lines if you’re installing from wifi.
My arch install took some setup to get it specifically right for me, still trying to figure out the final touches. I have the entire thing encrypted and under btrfs sub-partitions. I set up secure boot as well and added it to my tpm. Last thing I got to do is set it up so it automatically decrypts on boot without a password. I’ve been liking this setup over my Fedora setup. I have to worry about smaller breakage every so often, but with Fedora I had to worry about big breakage every major version. Moving most of what I can to flatpak mitigated a lot of that though. I’m too lazy to replicate my arch setup on my laptop so that’s just sticking with Fedora until I decide it should run something else.
Sorry if this is a stupid question, and maybe it’s because I’m not understanding exactly what you’re saying, but what’s the benefit of encrypting if it decrypts on boot without a password?
Just to prevent someone who boots another OS on your device from being able to access your files? Something else?
Because changing any hardware will flip the tpm and require a password. If they stole the hard drive, it’d be encrypted. Basically I’m protecting on if they rip out the harddrive lol.