Ok I'm interested to find out how many of you #Linux laptop users that use an encrypted root partition of some description actually use hibernate aka suspend to disk?
Feel free to leave your reasons for using or not below.
One thing that kinda pisses me off about @tails is that its #PersistentStorage - which is just a fancy name for #LUKS encryption - is absurdly restrictive and the #setup doesn't even want to work.
Like yes there's a reason I'm booting the #ISO via #Ventoy [ https://www.ventoy.net/en/index.html ] and yes I want the vacantly kept 8GiB at the end of the flashdrive to be usable for persistent storage and no, I need that drive to be as is since it's a #multiboot drive designed to be easily updated.
#Ubuntu 23.10 adds #TPM based Full Disk Encryption. I think this is a step in the right direction. LUKS password based encryption is not ideal for many non-geeky desktop users.
However, I personally use #LUKS with USB-stick/SD-card key based authentication so far.
Okay, I’ve tried the whole Root on #ZFS dance, and it’s not making me happy. “Disable #SecureBoot or build your own Secure Boot trust chain” is just … too cumbersome. And since I don’t need fancy ZFS-only features anyway, let’s see whether I can instead build something that better suits my needs based on just #LVM’s RAID options (including --raidintegrity) and #LUKS.
Unlocking a LUKS-encrypted partition via ssh on Debian 12 Bookworm.
The process for setting up ssh-based decryption of a pre-boot LUKS partition on Debian 12 Bookworm is almost the same as with Debian 10/11, but some of the paths have changed.
So I'm rebuilding my main home dev system. I want everything except /boot and swap to be #LUKS encrypted and #RAID1 mirrored. I'm not really interested in getting #LVM into the mix; I don't see any added value. So what's the best path? Boot from a dist #disc and set up #MD RAID1 sets, and then install onto them? Or what?
I've typically used #Fedora, but keeping current/upgrading has always been iffy or a pain. Maybe I should use #Ubuntu? #Debian users scared me off years ago.
After a system update (Lubuntu 23.04 → 23.10), Grub boots into … the BIOS after I enter the disk encryption key?! WTF?!??
No error message, no Busybox, straight into the BIOS without comment. o_O
So I dug out the live stick and searched around first, but none of the answered questions matched my problem, and DenverCoder9 once again didn't post his solution … narf
(https://xkcd.com/979/ ^_^)
After more thinking related to my previous post (https://is-a.cat/@madargon/111845765590354051) I decided to add some kind of dead man's switch to my main laptop (to ensure disk #encryption would fully protect it in case of emergency). I read it could be possible to configure systemd-logind to shut down my computer automatically after long inactivity. So I tried to do it and now I have a laptop shutting down at random moments, mostly after I open its lid after being long closed when turned on (as I understand it, this makes it suspended and systemd-logind doesn't work then), use it and then leave it idle for 20-30 mins. And my goal was shutting it down after a full 10+ h of inactivity :blobfoxfacepalm:
I am not sure WHAT I am doing wrong :blobcatfearful2:
I'm currently writing an article about FIDO2 / U2F security keys such as SoloKey2, YubiKey5 or NitroKey3.
It will cover how these keys can be set up with standard tools and used for login on Linux or with OpenSSH (using Fedora Linux as the example). Maybe I'll include LUKS decryption right away as well, otherwise that will follow later.
Do you have a particular interest or questions that I should put special emphasis on?
Every few weeks I meet a system I set up with full disk encryption on luks1, sendiri cari pasal, upgrade it to luks2, then :akasad: when the system doesn't boot.
In an hour of troubleshooting where I get to the verge of reinstalling the system but still myself because that's ludicrously inefficient, I remember luks2 doesn't work with grub and revert all my upgrades. System then merrily boots.
This has happened twice.
I expect my brain to forget about this again in a few weeks so this time I'm reminding myself by writing it down.
@krevedkokun shared a cool thread about a uki-bootloader implementation for guix, which brings an alternative to grub and better encrypted root support. The solution has some drawbacks, but still very nice to see this work done!
It is the "world #backup day", at least according to WorldBackupDay.com. I like the idea of having such a day, to serve as another nudge and a reminder to make and check backups, though WorldBackupDay.com is awkward, does not mention rsync in its software section. The "com" TLD looks suspicious, too, but it is better than nothing (except for potential private data leaks with online backup services).
I use primarily encrypted external HDDs (#ZFS or #LUKS with #ext4) and #rsync for personal backups, including rsync with "--dry-run --checksum" for scrubbing and checking before synchronization; quite happy that such tools are available, even though they are usually taken for granted, as are many other neat FLOSS tools we use regularly. Planning to add a USB stick to the list of storage devices, since it should be less fragile mechanically (even though less reliable otherwise).
do you have a handy #usb or #sdcard you usually travel with? they are small, light, cheap... convenient.
it's not that you store there Top Secrets (maybe!) but in case it was lost or stolen you will feel more relaxed if the drive was securely encrypted. LUKS
#LUKS implements a platform-independent standard on-disk format for use in various tools. This facilitates compatibility and interoperability among different programs and operating systems[...]
I was to write a blogpost about it, but there are plenty of them available to use LUKS encryption in any platform. Just three here:
and How to backup or restore LUKS header by @milosz ⚠️ Do this just after creating your encrypted drive and save the header in another (safe) storage. Use a password manager to create/store safe pass-phrases (recommended for usb-luks as you most likely will have to hand write it) and passwords.
My usb-luks are automatically detected and mounted (after pass-phrase prompt) in both #archlinux :archLinux: and #debian :debian: 🥳