VeraCrypt icon indicating copy to clipboard operation
VeraCrypt copied to clipboard

Published 20 hours ago verified publisher icon veracrypt

Linux System Encryption

Open CodeWithShreyans opened this issue 4 years ago • 6 comments

Desired behavior

Linux System Encryption by modifying GRUB to make it so it asks for a password, decrypts the volume(s), and then continues the regular boot process OR A small simple bootloader to just decrypt the volume(s) and then chainload GRUB

Additional information

Maybe even support for dual-booting both encrypted OSes

I have very minimal knowledge about this topic, just wanted to share an idea.

CodeWithShreyans avatar Feb 10 '21 14:02 CodeWithShreyans

Why don't you go with LUKS directly? I used to have a Linux encrypted with LUKS and a Windows encrypted with VeraCrypt, before switching to TCG Opal, and it was working flawlessly.

caus909 avatar Feb 26 '21 18:02 caus909

Why don't you go with LUKS directly? I used to have a Linux encrypted with LUKS and a Windows encrypted with VeraCrypt, before switching to TCG Opal, and it was working flawlessly.

This is the same as if you are answering: Why aren't you using BitLocker on Windows?

iMonZ avatar Jan 09 '22 01:01 iMonZ

Closing because issue is stale now.

CodeWithShreyans avatar Jan 09 '22 11:01 CodeWithShreyans

Closing because issue is stale now.

Why is the issue stale? Since it’s still not done please reopen the issue

iMonZ avatar Jan 09 '22 14:01 iMonZ

Why don't you go with LUKS directly? I used to have a Linux encrypted with LUKS and a Windows encrypted with VeraCrypt, before switching to TCG Opal, and it was working flawlessly.

This is the same as if you are answering: Why aren't you using BitLocker on Windows?

No it's not, not at all.

First difference is that BitLocker is a proprietary software, on which you have basically no control and very few options. Not only you can't control much, but you can't be sure of anything. BitLocker may be sending a backup key to Microsoft and you wouldn't even know it. LUKS on the other hand, is open source, and fully customizable, like Veracrypt is. Wanting to use Veracrypt for system encryption on Windows is perfectly logical, there are a lot of issues with using BitLocker. LUKS on the other hand is perfectly fine to use.

Second difference is that while Veracrypt already implements system encryption on Windows and as such, is perfectly usable already for the job, it's not the case (yet?) for Linux system encryption. So, as of now, it's not an option.

Now don't get me wrong, I'm not saying that Veracrypt shouldn't or couldn't manage Linux system encryption. I'm asking the question to the author of the issue to give them a working alternative, either before Veracrypt implements it, or just an alternative, if LUKS happens to do the job they were looking for. That's all. But no, you can't compare LUKS and BitLocker.

caus909 avatar Jan 09 '22 14:01 caus909

LUKS is a pain in the a** to work with. It doesn't even have a shred of user friendliness. And also (at the time of creating this issue) GRUB, the most common bootloader for Linux still didn't have support for decrypting LUKS2 which had been out for about 4 years already! Couldn't really wait for GRUB to come around as their previous release was 3 years ago! Had no idea when next one would be and didn't want to use the much older and much less secure LUKS1. So probably why I created this issue.

This is no longer relevant for me anymore as:

  1. GRUB supports LUKS2.
  2. Systemd-boot is my Linux bootloader of choice.
  3. And I use macOS now.

CodeWithShreyans avatar Jan 09 '22 19:01 CodeWithShreyans