Encrypting an install and GUI for

Hello everyone
I recently switched from Manjaro to Endeavour some weeks ago and no problems so far. Anyway on Reddit today I saw a post about how to change root password without a user’s knowledge and the suggested solution was full disk encryption.

I always encrypt my Linux installs (except for Manjaro) and I did encrypt EOS the first time but when I booted up I couldn’t type anything for a long time and wasn’t getting any feedback even when I hit Return so my question is in two parts.

Is there a way to fully encrypt without reinstalling (I have no problem reinstalling but I have some questions if it comes to that) and is there a GUI that starts up and prompts the encryption key on start-up (Pop!_OS has a very simple nice GUI for that)?

Thanks!

Hello! And welcome

So you did install choosing “encrypted installation” and now when you boot up you have a prompt for password but nothing happens when you hit the keyboard keys?

If so, this is normal, the hit keys aren’t showing up, but they are indeed “working”.
I mean, if the install process went well, then you should type your password (the one for disk encryption) when prompted, even if nothing is “printing” on screen when you hit the keys, then hit enter and it should decrypt the disk and lead you to the log screen…


No, there is no way to get back to a fully encrypted system without a new installation.

Look for Plymouth. There you can configure a splash screen with a GUI for the encryption password. But this will only work if you install a system with an unencrypted /boot-partition. With an encrypted /boot-partition you only get a grub prompt for the encryption key. This will be no GUI.


You are better off re-installing.

EOS encrypts your kernel and initramfs. This means that grub has to unlock the volume before loading your kernel. Unfortunately, grub does not provide a lot of options at that point.

When distros, like pop, are showing you a “pretty” unlock screen, they are using plymouth or something similar to do that. However, that requires that your kernel and initram be kept in an unencrypted location. If you are OK with that, during the install create an unencrypted /boot partition. Then you can install plymouth after the fact.

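The rule the replies above describe (a crypt layer under /boot means GRUB asks for the passphrase in text mode; a crypt layer only under / means the initramfs asks, where Plymouth can draw the prompt), as an added shell example that is not part of any post in this thread. The function names, the CHECK_LIVE variable and the sample device chains are constructed for illustration.

```shell
#!/bin/sh
# Added example: work out which boot stage will ask for the disk passphrase.

# has_crypt TYPES: succeeds when a list of lsblk TYPE values contains "crypt"
# (the type lsblk reports for an opened dm-crypt/LUKS mapping).
has_crypt() {
    printf '%s\n' "$1" | grep -qw crypt
}

# prompt_stage BOOT_TYPES ROOT_TYPES
#   grub      - kernel/initramfs are encrypted, GRUB must unlock first (no GUI)
#   initramfs - only / is encrypted, the prompt comes after the kernel loads,
#               so a splash such as Plymouth can draw it
#   none      - no encrypted layer found, no prompt at all
prompt_stage() {
    if has_crypt "$1"; then
        echo grub
    elif has_crypt "$2"; then
        echo initramfs
    else
        echo none
    fi
}

# type_chain PATH: TYPE of the device backing PATH and of every device
# underneath it (lsblk -s walks from the filesystem down to the disk).
type_chain() {
    src=$(findmnt -no SOURCE --target "$1") || return 1
    src=${src%%\[*}          # drop a btrfs "[/subvol]" suffix if present
    lsblk -nso TYPE "$src"
}

# Constructed sample chains, so the logic can be checked without a real disk.
SAMPLE_ON_LUKS='crypt
part
disk'
SAMPLE_PLAIN='part
disk'

# Set CHECK_LIVE=1 to inspect the running system instead of the samples.
if [ "${CHECK_LIVE:-0}" = 1 ]; then
    prompt_stage "$(type_chain /boot)" "$(type_chain /)"
fi
```

If /boot is not a separate partition, `findmnt --target /boot` resolves to the filesystem that holds it, so an encrypted root with no separate /boot is reported as `grub`.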

Hi
This is a neat description of what to do. So if I understand you correctly, after my first login with an unencrypted EOS /boot I install Plymouth and configure it to work when the system starts, yes?

Thanks

That’s odd because hitting enter didn’t even give me an error which is why I reinstalled EOS all over again. I’m away on a trip atm but I’ll definitely try all the suggestions here when I’m back

Thanks

Isn’t there a way to have plymouth work with encryption? ARCH WIKI

Yes, exactly.

Instructions for installing plymouth:
https://wiki.archlinux.org/title/Plymouth

Yes, but if your kernel/initram are encrypted, none of that matters because grub will have to decrypt your partition before any of that has a chance to be loaded.


Indeed… makes sense

Cheers!
