Boot encryption wallpaper and home folder encryption

Hi, new Arch based distro user here.

Two questions.

I have full disk encryption, and on boot I have a text interface to insert the encryption password to boot the system and go to GRUB.

How can I change this to a graphical version (or maybe it can be implemented in the future by default)?
Similar to Ubuntu.

There is a system logo or wallpaper with field for password. It looks much better than just ugly text mode, especially on modern laptop.

And the second question is how can I encrypt only the home folder? Other installers have this option to choose, maybe it is worth adding this also to allow users to choose if they want full disk encryption or only the home folder.
I followed a few tutorials from the web like this one https://www.raeder.technology/post/encrypt-home-directory and every time when I finish the process (without any errors) and log in to check if it works, it doesn’t allow me to log in. I did the same on Ubuntu (heh, I am switching from Debian/Ubuntu to an Arch based distro) and it works fine. After the command ecryptfs-migrate-home -u user I can log in to that account, check the passphrase and clean up, but not in EndeavourOS, probably I am missing something. Any suggestions? Or did someone encrypt their home folder and can share the steps? Maybe I should choose something else than ecryptfs.

Thanks in advance

None of the Arch based distros has a system logo when loading at any point.

I would generally urge people not to follow direct tutorials. They are almost never Arch based, and almost always don’t work for people. Please look up information either here or on the Arch wiki.

You may want to start here as this looks promising. I don’t do encryption, so I can’t really help much beyond that.

https://wiki.archlinux.org/title/ECryptfs

1 Like

The option to encrypt only home is there, but Calamares offers only the option to encrypt partitions, so you need to choose manual partitioning and create a separate /home partition which can be encrypted…

Including a nicer unlock screen would be nice… but this is very hard to get working, if you find a solution or have any info/hint/link share it :wink:

And welcome at the purple side :enos:

2 Likes

Closest on Arch would be some trickery with Plymouth I think (video is a bit outdated, but you’ll get an idea)

1 Like

I was there but results were the same.

Yeah, I even created a few themes for Plymouth in the past, so if this is the same solution in Arch I think I will manage to create something and share it here once done.

2 Likes

Welcome to the forum @hoek :tada::balloon:

@hoek, it will be nice if you make an EndeavourOS Plymouth theme. I have an encrypted partition and I will be happy to change this actual command-line password request to an EOS one :wink:

I will work on this over the weekend on a virtual machine and share my results.

1 Like

If your boot partition is encrypted (as part of a full disk encrypted setup), at this early stage in the boot process, there is only grub to unlock the drive to get to the initramfs and kernel. So AFAIK, no, there’s no way for plymouth to inject itself before the actual filesystem is unlocked and therefore no way around grub’s textual password prompt.

However, in case of an unencrypted /boot, things can be set up differently.

Hmm, not so sure, my Ubuntu machine with full disk encryption has a graphical interface and I can switch it from text to graphical mode. I modified the Plymouth files myself and switched these modes. Unfortunately, I don’t have time in a week to check the current distribution, so I can’t fully confirm or deny it. Certainly, when I get to it and analyze it, I will say something more, but I guess full disk encryption in Ubuntu works the same as in Arch so it is solved somehow.

I think Ubuntu doesn’t have full disk encryption by default (as a selection in its installer), or at least it was necessary to work on it a couple of years ago:

https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019

The final image of this tutorial shows that with encrypted GRUB there’s no image to display, only text.

This is not to say that it’s not possible, but from what I’ve read about it I think it isn’t possible to display an image in this situation.

Your Ubuntu /boot partition is unencrypted! So it’s not really “full disk encryption”. :wink:

Calamares (the installer) encrypts /boot by default. If you really need a pretty interface you’ll need to set up the encryption manually and leave /boot unencrypted.
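The distinction made in the replies above (GRUB has to unlock an encrypted /boot itself, while an unencrypted /boot lets the initramfs ask) can be checked on a running system. This is an added example, not code from the thread or from EndeavourOS; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: which boot stage will ask for the LUKS passphrase?

# Constructed sample of `findmnt -rno TARGET,SOURCE` output (not a real machine):
# no separate /boot mount, so /boot lives on the encrypted root filesystem.
SAMPLE_MOUNTS='/ /dev/mapper/luks-root
/boot/efi /dev/sda1
/home /dev/mapper/luks-home'

# Hypothetical helper: print the TYPE of a device and of every device below it
# (lvm, crypt, part, disk ...), one per line, using lsblk's inverse view.
dev_types() {
    lsblk -s -n -o TYPE "$1" 2>/dev/null
}

# Read a mount table on stdin and print the source device of the filesystem
# that holds /boot: the /boot mount if there is one, otherwise the root mount.
boot_source() {
    awk '{ sub(/\[.*/, "", $2) }            # drop btrfs "[/@subvol]" suffix
         $1 == "/boot" { b = $2 }
         $1 == "/"     { r = $2 }
         END { print (b != "" ? b : r) }'
}

# $1 = mount table text.
# Prints "grub" when /boot sits on a dm-crypt stack (GRUB's text prompt comes
# first), "initramfs" when /boot is readable without a key (any passphrase
# prompt then comes from the initramfs, where Plymouth can draw it).
prompt_stage() {
    src=$(printf '%s\n' "$1" | boot_source)
    if [ -z "$src" ]; then echo unknown; return 1; fi
    if dev_types "$src" | grep -qw crypt; then
        echo grub
    else
        echo initramfs
    fi
}

# Query the live system only when asked: sh check-boot.sh live
if [ "${1:-}" = live ]; then
    prompt_stage "$(findmnt -rno TARGET,SOURCE)"
fi
```

"initramfs" only says /boot is not encrypted; if the root filesystem is not encrypted either, there is no prompt at all.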

Makes sense. I found a few minutes and tried to configure it, but right, no image if /boot is encrypted. It looks like too many variables to make it work for everyone :frowning:
Especially since there are different Plymouth options to set up for encrypted and unencrypted drives.
No one will rearrange partitions just to get a nice logo, what a pity. But following this one https://wiki.archlinux.org/title/plymouth with /boot not encrypted it is possible.
I think I will stay for longer with PopOS/Ubuntu/Debian and use EndeavourOS just on a virtual machine for testing. I am too old and too lazy to set up everything that works out of the box in other distros :stuck_out_tongue: but I like Arch for rolling releases, stability and the AUR repository, this is something I am missing in ‘other’ distros, also the Community repo looks more fresh in comparison to others. Last but not least, EndeavourOS does a lot in enabling people like me to make it easier and speed up many things, the community also looks committed.

Anyway thanks!

1 Like

Hi,

It seems like if you convert to systemd-boot it’s quite possible:

Follow this guide:
https://forum.endeavouros.com/t/tutorial-convert-to-systemd-boot/13290/2

then just follow the Arch wiki guide

1 Like