Linux

17374 readers

25 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.
Be respectful: Treat fellow community members with respect and courtesy.
Quality over quantity: Share informative and thought-provoking content.
No spam or self-promotion: Avoid excessive self-promotion or spamming.
No NSFW adult content
Follow general lemmy guidelines.

founded 2 years ago

MODERATORS

MigratingtoLemmy@lemmy.world

149

I bought a Linux tablet, and it’s both better and worse than Android (www.howtogeek.com)

submitted 2 weeks ago* (last edited 2 weeks ago) by ekZepp@lemmy.world to c/linux@lemmy.world

34 comments fedilink hide all child comments

By Bertel King - Published Apr 22, 2026

From the moment GNOME 3 launched back in 2011, I felt like it was perfect for a touchscreen, and I’m happy to say that it absolutely is. I’d even go so far as to say that the GNOME interface is a better way to navigate a touchscreen than that of Android or iOS. I’ve said before that I would love to see an official GNOME-only OS, and this experience has only strengthened that desire.

Every aspect of GNOME is easy to tap with a finger. Opening the app drawer and swiping between workspaces feels completely natural with three-finger gestures. Windows are easy to drag around, maximize, or pin to the side. The virtual keyboard that pops up when I tap an input field is the only visual distinction from desktop GNOME. (...)

you are viewing a single comment's thread
view the rest of the comments

[–] INeedMana@piefed.zip 5 points 1 week ago (2 children)

If you want the OS to boot before it decrypts your drive, why encrypt it in the first place? Honest question, not an attack. For OS to boot without any password it needs to be booting from unencrypted drive. So the attacker could just put their keyloggers on that drive

read only OS partition to boot and then encrypts your user data partition, can I do that with Linux?

Yes. Just encrypt /home partition only

[–] panda_abyss@lemmy.ca 2 points 1 week ago (1 children)

I’ve run into a few reasons:

I have a Thunderbolt Display+dock, and I need boltctl to interface with my peripherals. It’s why I can’t use gnome (gnome greeter can’t run boltctl to verify the devices)
headless modes
and as this article adds, tablet modes.

Generally though I think OS encryption isn’t that important (verification is) vs protecting user data.

[–] INeedMana@piefed.zip 1 points 1 week ago

OS encryption isn’t that important (verification is)

I don't think I've heard about some boot-time checksum verification of root partition. Doesn't mean it does not exist, just that I can't help here

protecting user data

My point is: if OS is not encrypted, it can be modified. And that verification idea, if is not stored under some encryption, could also be changed. Which means that by the time you put in your password to decrypt your home, you might be already running system that will nullify the protection. Encrypting your drive will only protect you in scenarios when someone snatches your device turned off

[–] sonofearth@lemmy.world 1 points 1 week ago (1 children)

Yes. Just encrypt /home partition only

This is dangerous. As some data like cache and logs are stored in the root partition. So some of your data from home partition might trickle up the root partition in that form.

why encrypt it in the first place?

My threat model doesn’t include someone gaining direct access to my home desktop. I have Arch Linux with Secure Boot and TPM 2.0 enabled on fully encrypted drive and this chain’s existence makes it easier to know that no one has tampered with my system. On my laptop I am one step further with requirement of BIOS password.

[–] INeedMana@piefed.zip 1 points 1 week ago (1 children)

This is dangerous

Hence my point about why bother at all. Without full encryption one gets leaks. With full encryption some kind of secret is required. Either password (hence that need of keyboard in earlier comment) or a key, etc

In order to not need a secret during boot, critical parts have to be exposed

Theoretically one could also put logs and cache on encrypted volumes. Maybe that could be some solution. I have in the past had /var/logs on separate partition, so it didn't make /run out of space. Linux had no issue with that. But that still leaves kernel and OS exposed

fully encrypted drive and this chain’s existence makes it easier to know that no one has tampered with my system

The comment I responded to mentioned:

needing to enter a password before the OS boots is a decision that makes Linux kind of awkward to use disk encryption with

I don't think you are talking about the same setup and vectors. Their point was to not have fully encrypted drive, so it boots without a prompt

[–] sonofearth@lemmy.world 2 points 1 week ago (1 children)

Their point was to not have fully encrypted drive, so it boots without a prompt

You can achieve this even with full disk encryption with Secure Boot and TPM. That’s how Bitlocker does it. I have this setup on my Desktop — One single root partition with LUKS, Secure Boot on with sbctl and cryptenroll for tpm unlocking. Takes less than 5 mins to setup.

[–] INeedMana@piefed.zip 1 points 1 week ago

Well, TIL
When Windows users had to switch versions because of TPM I was not paying attention, I run Linux everywhere. Apparently there can be some use of TPM

But then, without a separate stage of encryption (like encrypting /home additionally), the system will just boot up with the data available. It can still be messed with