There's a simple answer to this now. Download the Live ISO and use the Calamares installer. It's default FDE encryption leaves /boot on the system partition and handles Grub setup for you.How to get full disk encryption.
Power users can do the same thing manually (more options), but I've never tried.
Secure against what? Bear in mind, encryption does nothing once the system is booted. Who or what are you worried about accessing the machine when shut down?What encryption selections are more / less secure and just how "secure" they are
Please do an internet search, e.g., luks change password. Would be much faster than my typing it up for you.How to change / update the disk encryption password
Recover from what? Notice a pattern? Also, makes a difference whether LVM (logical volume management) is in the mix. Standard installer uses it, Calamares does not. Anyhoo, broadly speaking, you decrypt the system partition from a live session, mount /dev/mapper devices/volumes, set up a chroot, and effect the repair there. I strongly recommend practicing in a test box (VM or full install USB drive) before encrypting your daily driver.How to do recovery on systems that have full disk encryption
Caveat: I've dabbled in system encryption out of curiosity and set up several test boxes with it. Don't use on my main system and don't recommend it. Repairing an encrypted system is complicated and requires first rate CLI skills. Encrypting data is another matter. That's often appropriate, though best reserved (imho) for files which actually need it.
Statistics: Posted by pbear — 2024-04-27 02:54