I need to reference an install guide every few years for a quick new install rather than spending hours in the wiki, and this tutorial is by far the best.
Man, you are a blessing! I just plugged in the USB with Arch, opened up youtube on my second PC and right on the home screen was your video. Exactly what I need! Thank you so much
Im not doing this right now, its 1am and i already have an arch install (thanks to your arch install video) and im just here because i like the vibes and your voice is calm lol
Great tutorial! but side note you should showcase how we can encrypt our SWAP as well because most people would wanna use SWAP and generally you need to encrypt both your SWAP partition and the root partition as well but some people don't really know how to do that, If you can showcase how to encrypt your SWAP and root partitions properly that would be great! Also, some people also already have a live install of arch linux without LUKS encryption and would like to convert to using LUKS encryption on an already live OS. If possible, are you also able to showcase how we can use LUKSIPC (LUKS in place conversion) to also show how we can encrypt our partitions post install?
Creates a tutorial for setting up an encrypted Arch install, emphasizing security for the audience. Then, undermines that security by enabling auto login, essentially rewarding malicious actors for their efforts in bypassing the first layer of defense, lol. That said, great video! It was very easy to follow with a straightforward approach
Thank you for watching my video! As I mentioned in the video, if someone gets access to your decryption password, then all your files are compromised. In fact, they can even change your login password. Autologin doesn't remove any real security, unless you have a multi-user system with strict file permissions and secureboot.
@Denshi Thanks for the clarification! You're right that if someone has your decryption password, they already have significant access. My concern was more about reducing the overall security posture. Appreciate your response and the video!
This is such a great tutorial - the wiki and another tutorial kept giving me issues (ik it's my fault but since idk wtf I'm doing how can I know how to fix it?) but this tutorial got me further than ever and I feel like I understand some of the process. My issue is when logging in the system just stalls on a blank screen for 5 minutes before giving me a timed out warning waiting for device "/dev/tpmrm0" and blank screen again
Sorry for bothering you, but Arch boots directly into BIOS after I unplugged the USB drive with the ISO. Did I just mess something up? I don't know, this is my first Linux installation.
I keep getting errors downloading KDE Plasma 27:38. It says: “Error: failed to commit transaction (failed to retrieve some files)” EDIT: I figured it out. For anybody having this issue, after you reboot into arch for the first time it doesn’t matter if you enabled network manager during the install, you will still have to reconnect to the wifi. To do this you need to use the nmcli command line tool.
Hello, I've done the same but instead of only 1 root partition, I made 2 partitions: home and root (I ve created a logical vol ) so what should I put for the grub config ? exactly like you (I mean only root partition uuid ) ? Thanks
What if i install arch with btrfs and use btrfs's subvolume and not the lvm ? Which will be good ? And in my previous installation with arch + btrfs (with subvolums) + encryption, in grub configuration i added encryption UUID but not Decrypt but i added like , GRUB_CMDLINE_LINUX_DEFAULTS="loglevel=3 quiet cryptdevice=UUID=456ft........6s4:main root=/dev/mapper/main" What's about it ?
When I try installing grub it tells me that it cannot install and gives me this warning:: grub-install warning: this GPT partition label contains no BIOS Boot Partition. Can anyone help?
Hi, when I’m booting the system and entering password, after it says Root device mounted successfully, but /sbin/init does not exist. Do you know where is the problem or where I can find the solution?
I have separate /home partition! So, if i follow the same steps with that partition, it will encrypt that too? With one password for root partition and one different password for home partition. Will that mean I have to type 2 passwords to login?😅
Hello! Good video, but I didn’t understand why you created a decrypted partition on the disk) in my opinion, it undermines security. Sorry if the question is stupid because maybe I misunderstood because I’m a newbie to Linux or didn’t understand because I don’t know English well. Thank you for your reply in advance!
The only decrypted partition is the boot partition, which contains your kernel and initramfs. While it is possible to also encrypt this partition, the security gain is negligible at best because you're probably not going to put any sensitive information here. If you still want an encrypted boot partition, you can read more here: wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB) Once again, I didn't cover this in the video because you're probably not gonna put your passwords or any valuable information on your boot partition, but it's still an option to encrypt it if you wanna go through the extra steps.
The steps are identical, except you install Gentoo instead of Arch. The only big difference between encryption and no encryption is the cryptsetup commands, adding flags to the initcpio and the bootloader configuration.
I need to reference an install guide every few years for a quick new install rather than spending hours in the wiki, and this tutorial is by far the best.
there's no other channel on UA-cam better on covering Linux guides
Man, you are a blessing! I just plugged in the USB with Arch, opened up youtube on my second PC and right on the home screen was your video. Exactly what I need! Thank you so much
Im not doing this right now, its 1am and i already have an arch install (thanks to your arch install video) and im just here because i like the vibes and your voice is calm lol
Great tutorial! but side note you should showcase how we can encrypt our SWAP as well because most people would wanna use SWAP and generally you need to encrypt both your SWAP partition and the root partition as well but some people don't really know how to do that, If you can showcase how to encrypt your SWAP and root partitions properly that would be great!
Also, some people also already have a live install of arch linux without LUKS encryption and would like to convert to using LUKS encryption on an already live OS. If possible, are you also able to showcase how we can use LUKSIPC (LUKS in place conversion) to also show how we can encrypt our partitions post install?
been waiting a while for this, thanks for this video!
Creates a tutorial for setting up an encrypted Arch install, emphasizing security for the audience. Then, undermines that security by enabling auto login, essentially rewarding malicious actors for their efforts in bypassing the first layer of defense, lol.
That said, great video! It was very easy to follow with a straightforward approach
Thank you for watching my video! As I mentioned in the video, if someone gets access to your decryption password, then all your files are compromised. In fact, they can even change your login password. Autologin doesn't remove any real security, unless you have a multi-user system with strict file permissions and secureboot.
@Denshi Thanks for the clarification! You're right that if someone has your decryption password, they already have significant access. My concern was more about reducing the overall security posture.
Appreciate your response and the video!
Thanks. I'm buying a new laptop next week and this will help
still decrypting this tutorial, thanks denshi!
Lovely guide, worked flawlessly first time thanks so much ❤️
This was super clear, thanks
This is such a great tutorial - the wiki and another tutorial kept giving me issues (ik it's my fault but since idk wtf I'm doing how can I know how to fix it?) but this tutorial got me further than ever and I feel like I understand some of the process.
My issue is when logging in the system just stalls on a blank screen for 5 minutes before giving me a timed out warning waiting for device "/dev/tpmrm0" and blank screen again
You always upload something which i am interested in, Love you man ...
Thank you so much!!!! I love this channel
Sorry for bothering you, but Arch boots directly into BIOS after I unplugged the USB drive with the ISO. Did I just mess something up? I don't know, this is my first Linux installation.
video cured my brain cancer
Well, time to do everything again. I got till 18:50 and grub-install threw me an error, because I somehow fucked up the boot partition.
How would you add a swap partition to the encrypted drive?
I keep getting errors downloading KDE Plasma 27:38. It says: “Error: failed to commit transaction (failed to retrieve some files)”
EDIT: I figured it out. For anybody having this issue, after you reboot into arch for the first time it doesn’t matter if you enabled network manager during the install, you will still have to reconnect to the wifi. To do this you need to use the nmcli command line tool.
how can I change the keyboard layout in sddm and during the decryption?
Amazing tutorial! but do you know how to decrypt root with fido2? i can't seem to get it working
Hello, I've done the same but instead of only 1 root partition, I made 2 partitions: home and root (I ve created a logical vol ) so what should I put for the grub config ? exactly like you (I mean only root partition uuid ) ?
Thanks
What if i install arch with btrfs and use btrfs's subvolume and not the lvm ? Which will be good ?
And in my previous installation with arch + btrfs (with subvolums) + encryption, in grub configuration i added encryption UUID but not Decrypt but i added like ,
GRUB_CMDLINE_LINUX_DEFAULTS="loglevel=3 quiet cryptdevice=UUID=456ft........6s4:main root=/dev/mapper/main"
What's about it ?
From comfy to encrypted
What a jump
hey Denshi why did you install lvm2 ? I don't see you did use it ..
Can you do this on BTRFS with snapp subvolume? 😅
When I try installing grub it tells me that it cannot install and gives me this warning:: grub-install warning: this GPT partition label contains no BIOS Boot Partition. Can anyone help?
Hi, when I’m booting the system and entering password, after it says Root device mounted successfully, but /sbin/init does not exist. Do you know where is the problem or where I can find the solution?
Why is every tutorial show saving file in nano with three steps (Ctrl+O/Enter/Ctrl+X) instead of two steps Ctrl+S/Ctrl+X ?
This is golden, have a like and sub!
I have separate /home partition!
So, if i follow the same steps with that partition, it will encrypt that too? With one password for root partition and one different password for home partition.
Will that mean I have to type 2 passwords to login?😅
Hi densh please make a video how to self-host a private matrix synapse server on debian or ubuntu
Dear denshi,
Can you do a comfy guide for setting up an openvpn server?
is adding a swap partition more just a preference? or will a swap partition not work with an encrypted disk?
it will work, it's just a preference.
Hello! Good video, but I didn’t understand why you created a decrypted partition on the disk) in my opinion, it undermines security. Sorry if the question is stupid because maybe I misunderstood because I’m a newbie to Linux or didn’t understand because I don’t know English well. Thank you for your reply in advance!
The only decrypted partition is the boot partition, which contains your kernel and initramfs. While it is possible to also encrypt this partition, the security gain is negligible at best because you're probably not going to put any sensitive information here.
If you still want an encrypted boot partition, you can read more here: wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)
Once again, I didn't cover this in the video because you're probably not gonna put your passwords or any valuable information on your boot partition, but it's still an option to encrypt it if you wanna go through the extra steps.
❤
im begging you for gentoo encrypted guide
The steps are identical, except you install Gentoo instead of Arch. The only big difference between encryption and no encryption is the cryptsetup commands, adding flags to the initcpio and the bootloader configuration.