Encrypted root with single password prompt

This blog post covers the current state of the art in Linux world, and why it isn’t really possible to do exactly what those OSes do: Authenticated Boot and Disk Encryption on Linux

It also features a proposal for how we can get there, and there were calls to implement it in NixOS when that post surfaced. You might want to track sign bootloader to make it compatible with UEFI secure boot? · Issue #42127 · NixOS/nixpkgs · GitHub.

@emmanuelrosa’s suggestion is the best interim, but don’t be tempted to not set a password/have no lock screen, since that makes your system susceptible to run-time attacks.

3 Likes