this post was submitted on 22 Apr 2026
149 points (99.3% liked)

Linux

17374 readers
25 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
MigratingtoLemmy@lemmy.world
149
I bought a Linux tablet, and it’s both better and worse than Android (www.howtogeek.com)
submitted 2 weeks ago* (last edited 2 weeks ago) by ekZepp@lemmy.world to c/linux@lemmy.world
34 comments fedilink hide all child comments
 

By Bertel King - Published Apr 22, 2026

From the moment GNOME 3 launched back in 2011, I felt like it was perfect for a touchscreen, and I’m happy to say that it absolutely is. I’d even go so far as to say that the GNOME interface is a better way to navigate a touchscreen than that of Android or iOS. I’ve said before that I would love to see an official GNOME-only OS, and this experience has only strengthened that desire.

Every aspect of GNOME is easy to tap with a finger. Opening the app drawer and swiping between workspaces feels completely natural with three-finger gestures. Windows are easy to drag around, maximize, or pin to the side. The virtual keyboard that pops up when I tap an input field is the only visual distinction from desktop GNOME. (...)

all 35 comments
sorted by: hot top controversial new old
[–] panda_abyss@lemmy.ca 18 points 2 weeks ago (5 children)

Encrypting my hard drive requires a password at boot, which meant physically plugging in a keyboard until I could figure out how to decrypt using a USB drive instead. For a device that can easily be forgotten in public and one whose back can be easily taken off, I’m willing to deal with this slight inconvenience for encryption, but it’s one Android doesn’t require.

This is an issue I run into running a headless Linux computer as well. On macOS I’m never running headless, so never ran into this issue. But needing to enter a password before the OS boots is a decision that makes Linux kind of awkward to use disk encryption with.

And I’m almost certainly doing it wrong, so would appreciate being nudged in the right direction.

I’ve seen a post about storing the encryption keys in TPM, but others say then you can lose your keys if the mobo dies. I’ve heard you can use ssh keys, but I’m not sure how — and here that would require a second device to unlock your tablet.

macOS uses a read only OS partition to boot and then encrypts your user data partition, can I do that with Linux?

[–] tofu@lemmy.nocturnal.garden 14 points 2 weeks ago (2 children)

Yes, the dual partition approach is what I usually do with LUKS

[–] panda_abyss@lemmy.ca 9 points 2 weeks ago (1 children)

Okay, on the weekend I’ll see if that can work with NixOS (so far my favourite distro).

[–] kork349d@lemmy.ml 6 points 2 weeks ago

You can write a luks key to a usb stick and use that to automatically decrypt at boot. https://wiki.nixos.org/wiki/Full_Disk_Encryption#Unattended_Boot_via_USB

[–] ghen@sh.itjust.works 5 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

What's the general concept for setting up a dual partition for this purpose? I'm thinking of making a Linux server myself pretty soon.

[–] Fmstrat@lemmy.world 1 points 1 week ago

Might want to try this instead: https://lemmy.world/comment/23441076

[–] INeedMana@piefed.zip 5 points 2 weeks ago (2 children)

If you want the OS to boot before it decrypts your drive, why encrypt it in the first place? Honest question, not an attack. For OS to boot without any password it needs to be booting from unencrypted drive. So the attacker could just put their keyloggers on that drive

read only OS partition to boot and then encrypts your user data partition, can I do that with Linux?

Yes. Just encrypt /home partition only

[–] panda_abyss@lemmy.ca 2 points 2 weeks ago (1 children)

I’ve run into a few reasons:

  • I have a Thunderbolt Display+dock, and I need boltctl to interface with my peripherals. It’s why I can’t use gnome (gnome greeter can’t run boltctl to verify the devices)
  • headless modes
  • and as this article adds, tablet modes.

Generally though I think OS encryption isn’t that important (verification is) vs protecting user data.

[–] INeedMana@piefed.zip 1 points 1 week ago

OS encryption isn’t that important (verification is)

I don't think I've heard about some boot-time checksum verification of root partition. Doesn't mean it does not exist, just that I can't help here

protecting user data

My point is: if OS is not encrypted, it can be modified. And that verification idea, if is not stored under some encryption, could also be changed. Which means that by the time you put in your password to decrypt your home, you might be already running system that will nullify the protection. Encrypting your drive will only protect you in scenarios when someone snatches your device turned off

[–] sonofearth@lemmy.world 1 points 1 week ago (1 children)

Yes. Just encrypt /home partition only

This is dangerous. As some data like cache and logs are stored in the root partition. So some of your data from home partition might trickle up the root partition in that form.

why encrypt it in the first place?

My threat model doesn’t include someone gaining direct access to my home desktop. I have Arch Linux with Secure Boot and TPM 2.0 enabled on fully encrypted drive and this chain’s existence makes it easier to know that no one has tampered with my system. On my laptop I am one step further with requirement of BIOS password.

[–] INeedMana@piefed.zip 1 points 1 week ago (1 children)

This is dangerous

Hence my point about why bother at all. Without full encryption one gets leaks. With full encryption some kind of secret is required. Either password (hence that need of keyboard in earlier comment) or a key, etc

In order to not need a secret during boot, critical parts have to be exposed

Theoretically one could also put logs and cache on encrypted volumes. Maybe that could be some solution. I have in the past had /var/logs on separate partition, so it didn't make /run out of space. Linux had no issue with that. But that still leaves kernel and OS exposed

fully encrypted drive and this chain’s existence makes it easier to know that no one has tampered with my system

The comment I responded to mentioned:

needing to enter a password before the OS boots is a decision that makes Linux kind of awkward to use disk encryption with

I don't think you are talking about the same setup and vectors. Their point was to not have fully encrypted drive, so it boots without a prompt

[–] sonofearth@lemmy.world 2 points 1 week ago (1 children)

Their point was to not have fully encrypted drive, so it boots without a prompt

You can achieve this even with full disk encryption with Secure Boot and TPM. That’s how Bitlocker does it. I have this setup on my Desktop — One single root partition with LUKS, Secure Boot on with sbctl and cryptenroll for tpm unlocking. Takes less than 5 mins to setup.

[–] INeedMana@piefed.zip 1 points 1 week ago

Well, TIL
When Windows users had to switch versions because of TPM I was not paying attention, I run Linux everywhere. Apparently there can be some use of TPM

But then, without a separate stage of encryption (like encrypting /home additionally), the system will just boot up with the data available. It can still be messed with

[–] Amaterasu@lemmy.world 4 points 2 weeks ago (1 children)

TPM2 + Secure Boot via systemd-cryptenroll is the closest to the "just works" FileVault/Android experience. Keep a recovery passphrase in your password manager. You don't lose your data if the motherboard dies, you just use the recovery key.

I use this on my daily drive laptop. Only real hiccup is that I still keep the dual boot because fwupd does not cover my laptop BIOS firmware updates but in a Linux tablet this a no issue.

[–] Fmstrat@lemmy.world 1 points 1 week ago (1 children)

Why not use LUKS? Hibernate to partition (even LVM) works, all native, and full disk support.

[–] Amaterasu@lemmy.world 0 points 1 week ago (1 children)

LUKS isn’t the alternative here, it’s the baseline. The question is how to unlock LUKS without manual passphrase entry at boot.

Using TPM2 + Secure Boot (e.g. via systemd-cryptenroll) binds the LUKS key to platform integrity, so it auto-unlocks when the system hasn’t been tampered with. You still keep a recovery passphrase, so you’re not locked out if hardware changes or fails.

[–] Fmstrat@lemmy.world 0 points 1 week ago (1 children)

But then anyone can just walk up to the machine and turn it on and have it be decrypted. Am I missing something?

[–] Amaterasu@lemmy.world 1 points 1 week ago (1 children)

TPM auto-unlock still relies on measured boot integrity (Secure Boot/PCRs), so it protects against offline theft and tampering when the machine is off or storage is removed.

But if an attacker has repeated physical access during boot, the protection depends on whether you’ve added extra factors like a TPM PIN or pre-boot passphrase. Login prompts don’t re-protect the disk once it’s decrypted.

In practice, for my use case (mostly shutdown or battery-dead scenarios), this is an acceptable trade-off for convenience. If your threat model includes targeted physical access during boot, then keeping a pre-boot secret is still the safer choice.

[–] Fmstrat@lemmy.world 1 points 1 week ago

Ahh so the pin or passphrase would basically give the same protection. Thanks.

[–] sonofearth@lemmy.world 3 points 1 week ago

storing the encryption keys in TPM, but others say then you can lose your keys if the mobo dies

That doesn’t mean you can’t decrypt your drive. It is just that it won’t be automatically encrypted at boot.

[–] Fmstrat@lemmy.world 1 points 1 week ago* (last edited 1 week ago)

I'm about to make you happy. The below script puts SSH into initramfs, so you can SSH in to a prompt and type your LUKS password at boot. No part of the system is accessible over this SSH connection, just the prompt. You also still get the prompt locally on screen.

PORT=22
PUBKEY=...
sudo apt install -y dropbear-initramfs
echo "DROPBEAR_OPTIONS=\"-I 180 -j -k -p ${PORT} -s\"" |sudo tee -a /etc/dropbear/initramfs/dropbear.conf
echo "no-port-forwarding,no-agent-forwarding,no-x11-forwarding,command=\"/bin/cryptroot-unlock\" ${PUBKEY}" |sudo tee /etc/dropbear/initramfs/authorized_keys
sudo dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key /etc/dropbear/initramfs/dropbear_ecdsa_host_key
sudo dropbearconvert openssh dropbear /etc/ssh/ssh_host_ed25519_key /etc/dropbear/initramfs/dropbear_ed25519_host_key
sudo dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/initramfs/dropbear_rsa_host_key
sudo update-initramfs -u -k all

@tofu@lemmy.nocturnal.garden for if this is easier than what you are doing.

[–] Zak@lemmy.world 15 points 2 weeks ago (1 children)

I've been running Gnome on a Surface for a while. It's an outstanding tablet UI except for its onscreen keyboard. The keyboard is terrible. I could write a full-length article about how terrible the keyboard is, but here are a few quick complaints:

  • No long-press layer; most other OSKs have a secondary layer to get numbers and punctuation via long-press
  • No way to move the cursor; it's drag on the spacebar for most OSKs
  • No way to add the number row to the default layer; numbers always require tapping a key to activate the number layer
  • No arrow or modifier keys by default; they show up in Gnome Console, but I might use a different terminal app or need them elsewhere
  • No good way to switch to a third-party keyboard system-wide; even iOS has that now
[–] SaveTheTuaHawk@lemmy.ca 5 points 1 week ago (2 children)

I could write a full-length article about how terrible the keyboard is

Well then, it couldn't be that bad.

[–] Zak@lemmy.world 6 points 1 week ago (1 children)

I suppose I should clarify that I could write a full-length article about it on something else.

[–] melfie@lemmy.zip 1 points 1 week ago

I see what you did there. 😆

[–] quick_snail@feddit.nl 12 points 1 week ago

Linux hardware can be a mixed bag. Most companies that sell PCs with Linux pre-installed are using off-the-shelf parts. When Star Labs offered a bespoke tablet

Wut. Why would you want some shitty bespoke solution? That's vendor lock-in, broken drivers, and irreparable.

Meanwhile the rest of us are demanding off-the-shelf parts

[–] captain_aggravated@sh.itjust.works 10 points 1 week ago (1 children)

I've been using Fedora GNOME on a Lenovo Ideapad Duet 3i for awhile. It's one of those Surface-alikes, it's electrically an x86 laptop with a wacom touch screen and the keyboard is on a floppy rubber flap hinge that can magnetically detach to give you a tablet.

Gnome itself is better than un-fucking-usable. It doesn't really make any intuitive sense, because Gnome is developed by Species 8472. There's a gesture to open the onscreen keyboard. Because Gnome is designed primarily for use with the keyboard, they figure you need constant access to it even if there's no text field available on the screen. Because you're definitely pressing Ctrl+Alt+Meta+Alt-Gr+Shift+Super+T to launch the web browser or whatever makes sense in Fluidic Space on a touch keyboard. It's a similar gesture to the one for opening the app drawer.

All onscreen keyboards available in Linux are quarter-baked. They barely function to enter text. They're so poorly featured they're more of a burden than waiting until you're back at your desk.

There are no apps in the Linux ecosystem designed for tablet use. Nothing is touch-screen friendly and it never will be. Even the wacom tablet...

So here's another issue, the little laptop I have has a wacom tablet feature so it's stylus compatible. Badly. Part of the issue is it's a weird, low-volume computer. Part of the issue is it's a 1080x1920 resolution display. Yeah, it's native portrait mode. Everything in Linux seems to assume a native landscape mode. So you can feel the little fuckist having an argument with itself. "You mean 1920x1080." "No, I mean 1080x1920." So you'll get bizarre things like the touch screen or digitizer being rotated 90 degrees from what the display is showing. Getting second or third buttons on a stylus working is a lol no, pressure sensitivity comes and goes...we're in the land of "we made whatever the fuck we wanted to this week and we'll give Microsoft a special shim to make it work in Windows." and Linux never gets the equivalent of that shim, so it'll never work right.

Back to the apps, everything is tiny and assumes you have a three button mouse and full QWERTY keyboard. Reading a PDF document sucks on a Fedora Gnome tablet. Zooming in and out and scrolling around just...sucks. Because it's not a touch screen app reading touch inputs, it's a desktop app reading mouse inputs that were translated from touch inputs by a zoomer freshman equipped with "Jeff Foxworthy's touch interface to mouse interface phrasebook v0.0.6".

[–] paper_moon@lemmy.world 1 points 1 week ago* (last edited 1 week ago)

Well, whatever this.. Is.. I'll still offer maybe try gnome-mobile if you can, and see if thats any better on the touch interface. Also, check out flatpaks for apps, as there's a decent amount of them that support responsive design, so they at least scale in tablets and phones.

There's also a gnome extension that can manually rotate the screen instead of relying on the sensors.

I've been messing around with postmarketOS and gnome-mobile, flatpak apps, and waydroid for android apps, are the 3 things that make it sorts usable. Now if only we could get VoLTE, working cameras, and bluetooth passthrough to waydroid container, that would make me a very happy linux fan.

[–] potatoguy@mbin.potato-guy.space 4 points 2 weeks ago

On decryption, there's unl0kr, as this describes

[–] wjrii@lemmy.world 4 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I managed to get Debian with XFCE running permanently on a 6 year old Lenovo ChromeTab. It mostly works, but "touchscreen as a mouse" is clunky and the onscreen keyboard I use, "Onboard," is utilitarian at best. As a low-distraction writing device paired with a mechanical keyboard and FocusWriter, it's pretty cool. If anything, it's a bit too decent a setup for that purpose, as the browser is usable and I left Wifi working.

Now to actually start using it... 🤣

[–] paper_moon@lemmy.world 2 points 1 week ago* (last edited 1 week ago)

I've been messing around with gnome-mobile on postmarketos and I like that quite a bit. I'm not sure how it scales and works with tablets as I was using it on a phone, but if you're looking for an android like interface experience (no touchscreen as a mouse), gnome-mobile was nice.

https://wiki.postmarketos.org/wiki/Category:Interface

[–] Ascend910@lemmy.ml 1 points 1 week ago

jing os was such a missed opportunity for linux tablet i am still sad about it

[–] dylanmorgan@sh.itjust.works 1 points 1 week ago

It would be great if sites didn’t say I have adblock when I don’t.