there's no other channel on YouTube better on covering Linux guides
Man, you are a blessing! I just plugged in the USB with Arch, opened up youtube on my second PC and right on the home screen was your video. Exactly what I need! Thank you so much
I'm not doing this right now, it's 1am and I already have an arch install (thanks to your arch install video) and I'm just here because I like the vibes and your voice is calm lol
Creates a tutorial for setting up an encrypted Arch install, emphasizing security for the audience. Then, undermines that security by enabling auto login, essentially rewarding malicious actors for their efforts in bypassing the first layer of defense, lol.
That said, great video! It was very easy to follow with a straightforward approach
Thank you for watching my video! As I mentioned in the video, if someone gets access to your decryption password, then all your files are compromised. In fact, they can even change your login password. Autologin doesn't remove any real security, unless you have a multi-user system with strict file permissions and secureboot.
@Denshi Thanks for the clarification! You're right that if someone has your decryption password, they already have significant access. My concern was more about reducing the overall security posture.
Appreciate your response and the video!
This is hands down the best guide I've ever seen, explains stuff way better than the wiki itself or other tutorials, the only things to watch out for when installing is NVidia drivers and configure them when needed or nvme stuff but those are just the specifics this is more than perfect and did save me from many headaches, thanks!
Great tutorial! but side note you should showcase how we can encrypt our SWAP as well because most people would wanna use SWAP and generally you need to encrypt both your SWAP partition and the root partition as well but some people don't really know how to do that, If you can showcase how to encrypt your SWAP and root partitions properly that would be great!
Also, some people also already have a live install of arch linux without LUKS encryption and would like to convert to using LUKS encryption on an already live OS. If possible, are you also able to showcase how we can use LUKSIPC (LUKS in place conversion) to also show how we can encrypt our partitions post install?
I need to reference an install guide every few years for a quick new install rather than spending hours in the wiki, and this tutorial is by far the best.
been waiting a while for this, thanks for this video!
Thank you so much Denshi! I managed to get it all working on the very first try. 10/10 would recommend ❤
23:57 in /etc/default/grub there’s a commented line that says GRUB_ENABLE_CRYPTODISK. Why didn’t we enable this? What is this for?
You always upload something which i am interested in, Love you man ...
Thanks. I'm buying a new laptop next week and this will help
Lovely guide, worked flawlessly first time thanks so much ❤️
why single boot partition vs separate efi and boot partitions?
Also, why lvm2 and the hook if not using any logical volume management?
I keep getting errors downloading KDE Plasma 27:38. It says: “Error: failed to commit transaction (failed to retrieve some files)”
EDIT: I figured it out. For anybody having this issue, after you reboot into arch for the first time it doesn’t matter if you enabled network manager during the install, you will still have to reconnect to the wifi. To do this you need to use the nmcli command line tool.
Nice guide! It inspired me to encrypt my own laptop. BTW, how do you record the screen of the VM with that high quality? I'm trying something like this with QEMU or VirtualBox, but I'm unable to have a quality similar to this video. Thanks for the help!
Well, time to do everything again. I got till 18:50 and grub-install threw me an error, because I somehow fucked up the boot partition.
how does artix calamares installer manage to do without an unencrypted boot partition? Maybe cover this topic in the future
still decrypting this tutorial, thanks denshi!
This was super clear, thanks
From comfy to encrypted
What a jump
Yeah baby i am back to linux ❤️
Thank you so much!!!! I love this channel
Why was the type of sda1 in the video without "EFI SYSTEM" type in cfdisk? Is it not needed? Do i just need to format it to fat32 without changing the type.
This is such a great tutorial - the wiki and another tutorial kept giving me issues (ik it's my fault but since idk wtf I'm doing how can I know how to fix it?) but this tutorial got me further than ever and I feel like I understand some of the process.
My issue is when logging in the system just stalls on a blank screen for 5 minutes before giving me a timed out warning waiting for device "/dev/tpmrm0" and blank screen again
Hello, I've done the same but instead of only 1 root partition, I made 2 partitions: home and root (I've created a logical vol) so what should I put for the grub config? exactly like you (I mean only root partition uuid)?
Thanks
Does it have to be a fresh install? I have been using an Arch machine for months can I do it without wiping my data?
Can you do this on BTRFS with snapp subvolume? 😅
Sorry for bothering you, but Arch boots directly into BIOS after I unplugged the USB drive with the ISO. Did I just mess something up? I don't know, this is my first Linux installation.
How would you add a swap partition to the encrypted drive?
What if I install arch with btrfs and use btrfs's subvolume and not the lvm? Which will be good?
And in my previous installation with arch + btrfs (with subvolumes) + encryption, in grub configuration I added encryption UUID but not Decrypt but I added like:
GRUB_CMDLINE_LINUX_DEFAULTS="loglevel=3 quiet cryptdevice=UUID=456ft........6s4:main root=/dev/mapper/main"
What's about it ?
how can I change the keyboard layout in sddm and during the decryption?
When I try installing grub it tells me that it cannot install and gives me this warning: grub-install warning: this GPT partition label contains no BIOS Boot Partition. Can anyone help?
Amazing tutorial! but do you know how to decrypt root with fido2? i can't seem to get it working
hey Denshi why did you install lvm2 ? I don't see you did use it ..
Does this also encrypt the boot partition?
Hi densh please make a video how to self-host a private matrix synapse server on debian or ubuntu
Hi, when I’m booting the system and entering password, after it says Root device mounted successfully, but /sbin/init does not exist. Do you know where is the problem or where I can find the solution?
Why does every tutorial show saving file in nano with three steps (Ctrl+O/Enter/Ctrl+X) instead of two steps Ctrl+S/Ctrl+X?
is adding a swap partition more just a preference? or will a swap partition not work with an encrypted disk?
it will work, it's just a preference.
Dear denshi,
Can you do a comfy guide for setting up an openvpn server?
This is golden, have a like and sub!
I have separate /home partition!
So, if i follow the same steps with that partition, it will encrypt that too? With one password for root partition and one different password for home partition.
Will that mean I have to type 2 passwords to login?😅
Yes, if you encrypt both the root (/) and /home partitions with different passwords, you’ll need to enter both during boot: one for the root and another for /home. This happens because each encrypted partition is independent. To avoid typing two passwords, you can configure /home to unlock automatically after the root is decrypted.
@wackyowl424 Nah, I installed Arch 1 month ago. And It's fine with 3 passwords.
1st for root
2nd for home
3rd for Display Manager (SDDM)
@SpicyPoison yeah, that works
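The automatic /home unlock mentioned in the reply above, as an added example that is not part of the original comments or the video: a keyfile stored on the already-decrypted root is enrolled in the /home LUKS container and referenced from /etc/crypttab. The mapping name `home`, the key path and the device argument are assumptions.

```shell
#!/bin/sh
# Added example: unlock an encrypted /home with a keyfile kept on the
# encrypted root, so only the root passphrase is typed at boot.
# Assumed names: mapping "home", key path below, device passed by the user.
set -eu
KEY=/etc/cryptsetup-keys.d/home.key

# Create a 4096-byte random keyfile, owner-read-only from the first byte.
make_keyfile() (
    umask 077
    mkdir -p "$(dirname "$1")"
    head -c 4096 /dev/urandom > "$1"
    chmod 0400 "$1"
)

# Reject a keyfile that is missing, too short, or readable by group/other.
check_keyfile() {
    [ -f "$1" ] || { echo "missing keyfile: $1" >&2; return 1; }
    [ "$(( $(wc -c < "$1") ))" -ge 64 ] || { echo "keyfile too short" >&2; return 1; }
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "keyfile readable by group/other" >&2; return 1; }
}

# Print the /etc/crypttab entry: <name> <device> <keyfile> <options>
crypttab_line() {
    printf '%s\tUUID=%s\t%s\tluks\n' "$1" "$2" "$3"
}

# Full procedure (root only): enroll the keyfile as an additional key slot.
# The original /home passphrase stays valid as a recovery path.
enroll_home() {
    make_keyfile "$KEY"
    check_keyfile "$KEY"
    cryptsetup luksAddKey "$1" "$KEY"   # prompts for the existing /home passphrase
    crypttab_line home "$(cryptsetup luksUUID "$1")" "$KEY" >> /etc/crypttab
}

# Usage: sh this-script --enroll /dev/<home-partition>
if [ "${1:-}" = "--enroll" ]; then
    enroll_home "${2:?device required}"
fi
```

With this setup the data in /home is protected at rest only as well as the root passphrase, because anyone who unlocks root can read the keyfile.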
Hello! Good video, but I didn’t understand why you created a decrypted partition on the disk) in my opinion, it undermines security. Sorry if the question is stupid because maybe I misunderstood because I’m a newbie to Linux or didn’t understand because I don’t know English well. Thank you for your reply in advance!
The only decrypted partition is the boot partition, which contains your kernel and initramfs. While it is possible to also encrypt this partition, the security gain is negligible at best because you're probably not going to put any sensitive information here.
If you still want an encrypted boot partition, you can read more here: wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_(GRUB)
Once again, I didn't cover this in the video because you're probably not gonna put your passwords or any valuable information on your boot partition, but it's still an option to encrypt it if you wanna go through the extra steps.
video cured my brain cancer
make an updated version of gentoo
Thanks for the suggestion! I will add it to the list.
@Denshi here is an additional suggestion
Create an updated comfy gentoo guide, as well as the encrypted guide
19:00
❤