I've just switched from Manjaro to Endeavour. I am already familiar with long boot times, as Manjaro also took quite some time to boot after decrypting the drive. But Endeavour just took it to another level. I am on a fresh install and the boot time is about 8 minutes with decryption. How can I (in this case drastically) reduce the boot time?
My partitions are split up into boot, root and home, using swap, with 32 GB RAM and a 16-core 11th gen Intel.
I was already not cool with Manjaro taking 4 minutes and I want to switch for various reasons, but I can't shrink the boot time, Endeavour is out for me…
Edit: I have checked my BIOS options, there is a Secure Boot option, which is set to off (as I remember this is necessary, otherwise Linux wouldn't boot?). Besides that, the device offers a hardware security chip. Does anyone know how to best utilize these opportunities? The device is a ThinkPad P1 Gen 4, this is usually a pretty powerful device with many security features…
I do want my stuff to be encrypted and securely stored, but with good usability and least compromises on security.
I always split partitions into swap, root, home and boot, usually encrypting every partition except boot as LUKS drives (choosing ext4 at setup, checking “encryption” and providing a password). What is best practice here?
In my opinion, encrypting the root partition seems to make sense, as the data stored there can give assumptions as to what I'm doing on the device, aside from logs I suppose…
Edit 2:
Alright guys, I suppose I have to excuse myself for making a typo in the grub conf. After correcting to ibt=off, updating and installing the driver again, I am at around 30s for grub decryption and about 30-40s for booting, seems fine.
Are there any ways to improve that?
I will install again now, trying to set up systemd instead of grub, I remember being asked that in the installer.
Yes, grub and partitions encrypted as LUKS drives, the swap is encrypted as well, though I'm only being asked for one password.
I've used the “custom” settings to set the partitions.
Home and root in ext4 with the “encryption” checkbox, afterwards typing in a password.
The option “luks” doesn't allow entering a password and the installer crashes at ~1-2% setting up LUKS drives.
System absolutely chugs when booting an encrypted /boot if you don't do this. This obviously reduces the security of said encrypted partition, but unless you need to use grub or can't use Secure Boot/custom signing keys, you can move to systemd-boot and use a unified kernel image with Secure Boot to keep your EFI unencrypted and have the initial kernel, etc. that is in /boot signed/verified.
If you're not using an encrypted /boot then perhaps you aren't using AES? AES should be hardware accelerated for both AMD and Intel to be nearly transparent for most people.
IDK why you’d even encrypt /boot. There should be NOTHING important there. For all intents and purposes if your machine is stolen, it’s already done for.
Same for /.
The only thing that should be encrypted is /home. Anything else is pointless.
There are some arguments to be made to the contrary, but let's not derail the OP's support thread into a discussion of the merits of what is/isn't encrypted.
I am pretty sure I didn't enter a password for /boot…
Secure Boot is an alternative to grub? Do you mean files as custom signing keys, like USB sticks?