Skip Navigation

Encrypt whole system?

My laptop isn't under my supervision most of the time. And I'd hate it if someone were to steal my SSD, or whole laptop even, when I'm not around. Is there a way to encrypt everything, but still keep the device in sleep, and unclock it without much delay. It's a very slow laptop. So decryption on login isn't viable, takes too long. While booting up also takes forever, so it needs to be in a "safe" state when simply logged out. Maybe a way that's decrypt-on-demand?

I'm on Arch with KDE.

67

You're viewing a single thread.

67 comments
  • With an encrypted disk, you only need to enter the encryption password when you shutdown or restart. Suspending and sleep lock screen don't need your encryption password.

    • Suspending to disk usually requires a password on resume.

      • That's true for hibernation, but not suspending. Hibernation stores everything in RAM onto the disk then shuts off the PC; to resume the system, you need to unlock the disk to access that data. Suspending doesn't turn off the computer, it keeps the CPU and RAM active.

        On my Fedora system, I can hit the suspend button and get back into the OS without needing to type my encryption password, only my user password.

        • Ok so what do you call "sleep"? You've now listed suspending, sleeping, and hibernating as 3 different things.

          • I can sleep "sleep". All system components are still powered on at this stage, so it uses the most power. But at the same time it's the quickest to get back into your system. All that's really happening with sleep is that the screen turns off.

            Then you have suspend. Laptops often first go to sleep but then suspend after a long period of inactivity to save battery.

            Then you have hibernation. I don't think this is used that often nowadays.

67 comments