this post was submitted on 18 Oct 2024
11 points (100.0% liked)

linux4noobs

1421 readers
2 users here now

linux4noobs


Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.


Seeking Support?

Community Rules

founded 1 year ago
MODERATORS
11
How to Encrypt Drives ? (self.linux4noobs)
submitted 2 months ago* (last edited 2 months ago) by gpstarman to c/linux4noobs@programming.dev
 

This is my disk layout:

500 GB Linux - BTRFS

100 GB Windows - NTFS

400 GB Storage - NTFS (shared between linux and windows)

I want to encrypt everything. For Linux I can use luks2 but what I'm supposed to do for Windows ? (No bitlocker please)

Will veracrypt replace refind boot manager?

Note: I am talking about the one that asks password before boot (full encryption)

top 7 comments
sorted by: hot top controversial new old
[–] HighlyRegardedArtist@lemmy.world 3 points 2 months ago (1 children)

If the reason for you wanting to avoid bitlocker is incompatibility with linux, you might want to reconsider. It's been many years since I had drives with bitlocker+ntfs, but they worked reasonably well back then with dislocker, so perhaps check that out before considering alternatives.

[–] gpstarman 1 points 2 months ago (1 children)

You can't choose the bitlocker password yourself right? If that's true, then that's why I avoid bitlocker.

[–] HighlyRegardedArtist@lemmy.world 1 points 2 months ago (1 children)

Years ago, you could - I'm not sure what the situation is currently, but it would be extremely weird if they had removed this possibility entirely. You could see if the official command line tool does what you need. At least there seems to be an option to change the password.

[–] gpstarman 1 points 2 months ago
[–] tal 2 points 2 months ago* (last edited 2 months ago) (2 children)

What type of encryption do you need? NTFS can natively provide encryption, but it's going to be file level. LUKS2 is block device level, so the whole filesystem looks like one encrypted blob.

EDIT: And I don't know if Linux can do encrypted NTFS. If not, that wouldn't work for the shared storage.

kagis

Nope. Looks like there's a utility, ntfsdecrypt, to do decryption on a file-by-file basis, though. Probably not what you want, though.

https://superuser.com/questions/1554798/access-files-encrypted-with-windows-efs-encrypting-file-system-on-linux

EDIT2: This guy is recommending VeraCrypt, as it works with both. I've never used it, though, and the post is eight years old, so I suppose the situation could have changed.

https://unix.stackexchange.com/questions/306398/does-linux-work-well-with-encrypted-ntfs-drives

Linux doesn't support NTFS file-level encryption. Bitlocker using the recovery key sorta works but is still very new(look here for more info). Windows in turn can't read LUKS-encrypted devices. If you need to share your encrypted drive between Windows and Linux, I'd recommend VeraCrypt or one of the other TrueCrypt forks.

[–] gpstarman 1 points 2 months ago* (last edited 2 months ago)

But veracrypt has it's own boot loader right? Won't it replace rEFInd?

[–] gpstarman 1 points 2 months ago* (last edited 2 months ago)

The one that asks password before boot (full encryption)