• Newbie with a question on encrypted installation

    Hi everyone, Antergos and general Linux newbie here.

    Currently tinkering with Antergos on VM and planning to do a real install on my laptop in the near future.

    During installing on VM, I’ve noticed that Antergos allows encryption of the hard drive when installing. I was interested in the feature and did a bit of searching and found that encryption could be done on different folders (is that the correct term?), such as /root and /home.

    As a complete noob I have no idea what the difference is between the two.

    Say in the future I plan to install Antergos completely on my laptop (i.e. no Windows, no dual boot) and I want to encrypt my entire hard drive, what should I be doing? I generally just want the drive to be encrypted so that no one can access it without my password, even when I lose the laptop.


  • @wackyquack If you have a hard drive you can easily choose for an encrypted setup during the Antergos installation, this is done with LUKS. Every boot, you will be asked to enter that passphrase. Your entire drive will be encrypted. there is no easy home folder encryption option, like with Ubuntu. You can undoubtedly set that up later after the installation, but Cnchi doesn’t offer that option now.

    If you have an SSD, there’s a chance it offers built-in drive encryption. You have to set that up in your BIOS.

    Be aware that losing your passphrase, you will not be able to access your OS anymore in the first case, in the second case your drive will become useless. And there’s also a performance penalty enabling full drive encryption.

    You should learn how to encrypt your home folder post-install, that’s sufficient in a lot of cases because that’s where all your sensitive stuff mostly is on a desktop computer.

  • @EarthMind thanks for the reply. In regards to the performance drop, how much should I expect? I currently have a PCI-E SSD installed on my laptop.

    As a side note, I plan to use VeraCrypt on an external hard drive. Will this double encryption (from SSD during install to the mounted block from VeraCrypt) cause even more performance degradation in terms of file read/write speeds?


  • That’s impossible to say. The performance degradation depends on a lot of factors. I think it’s not that bad though, especially not on a recent CPU with AES or AES-NI support and on an SSD (and otherwise nobody would be using it). Since you seem to be having a killer PCIe SSD, I think the result will not be too noticeable. There are a few benchmarks on phoronix.com I think, look them up for some examples.

    As for your second question, that’s also hard to answer. What I think happens is the files that are opened on your SSD will be decrypted and Veracrypt will then encrypt them again when you put them on your external drive. The reading of the file will only be a small performance drop because usually the writing is the slowest of the two. How slow Veracrypt will write the files depend mostly on the encryption technology you use. You can also use the benchmark tool in Veracrypt to have some tests.

    Still, I recommend limiting the encryption to your home folder only if only several files are sensitive. Those files should be put in your home folder always. And your user data and mails and browser cache are stored there also.

    For the best performance, use the hardware encryption of your SSD if it’s supported. But it’s very risky if you lose that passphrase…

installation322 newbie22 encrypted12 Posts 4Views 1735
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.