this post was submitted on 12 Oct 2025
316 points (98.2% liked)

Privacy

42553 readers
492 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
Yayannick@lemmy.ml
ranok@sopuli.xyz
tmpod@lemmy.pt
316
Encrypt your Linux with LUKS, like seriously. (lemmy.ml)
submitted 2 days ago* (last edited 2 days ago) by lunatique@lemmy.ml to c/privacy@lemmy.ml
121 comments fedilink hide all child comments
 

This makes a world of difference. I know many people may know of it but may not actually do it. It Protects your files in case your computer is ever stolen and prevents alphabet agencies from just brute forcing into your Laptop or whatever.

I found that Limine (bootloader) has the fastest decryption when paired with LUKS at least for my laptop.

If your computer isn't encrypted I could make a live USB of a distro, plug it into your computer, boot, and view your files on your hard drive. Completely bypassing your Login manager. If your computer is encrypted I could not. Use a strong password and different from your login

Benefits of Using LUKS with GRUB Enhanced Security

  • Data Protection: LUKS (Linux Unified Key Setup) encrypts disk partitions, ensuring that data remains secure even if the physical device is stolen.
  • Full Disk Encryption: It can encrypt the entire disk, including sensitive files and swap space, preventing unauthorized access to confidential information.

Compatibility with GRUB

  • Unlocking from Bootloader: GRUB can unlock LUKS-encrypted partitions using the cryptomount command, allowing the system to boot securely without exposing sensitive data.
  • Support for LVM: When combined with Logical Volume Management (LVM), LUKS allows for flexible partition management while maintaining encryption.
you are viewing a single comment's thread
view the rest of the comments
[–] Jason2357@lemmy.ca 6 points 1 day ago (1 children)

Don’t forget /tmp, and maybe logs too. Theres docker storage and kvm image locations if you use that. Maybe others. FDE also makes an evil maid attack much less trivial too.

[–] Nalivai@lemmy.world 1 points 1 day ago (1 children)

I don't know, I don't see a lot of damage or unpleasantness stemming from someone getting into my /tmp, but I don't want any llm being fed contents of my /home. I am less afraid of an attack, as I am irked by corpos putting fingers into my shit

[–] pupbiru@aussie.zone 3 points 1 day ago (1 children)

corpos aren’t who you’re protecting against with encrypted drives… they’re not going to gain access to anything via bypassing your OS: they get everything via software you’ve installed or things like tracking

the main thing you’re protecting against with encryption is theft (or if you think you’re being physically targeted, it also stops them from modifying your system… eg replacing your kernel or a binary that gives them access somehow)

[–] Jason2357@lemmy.ca 1 points 17 hours ago

Indeed. Best to think of disk encryption as protection from physical access -i.e., theft, but also accidentally recycled drives later on. It provides zero protection from somebody attacking your running system, that's the job of the operating system and client software like web browsers. While the system is running, the drive is decrypted and unprotected.

I just prefer fde because it's simpler. There's no guessing about what needs to be encrypted and what doesn't. There isn't any human-noticiable performance impact on modern computers, so there's not really a downside besides having 2 password prompts whenever I actually do a full reboot.