I installed endeavourOS 2 days ago and then, the next day, there was a newnrelease of endeavourOS. It’s supposed to have better encryption. Is it possible to upgrade encryption on Linux? An unrelated question: is it possible to change the password of an encrypted partition? I’m a beginner, so please explain your magical commands.
If you’re a beginner then don’t worry about the encryption. Unless you’re hiding from some three-letter agency or being targeted by hackers or something, LUKS1 encryption is more than good enough (for an average home user).
But just so you’re aware, whilst it’s trivial to convert to LUKS2 using
cryptsetup convert
, you’ll need to first switch your bootloader tosystemd-boot
from GRUB, and that may not be a trivial process as there’re multiple variables involved - is your ESP big enough, have you mounted your ESP to/boot
, whether you’re using secure boot or not, whether you’re dual-booting or not etc. Plus you’ll also need to manually create a bootloader config file that’s specific to your system, and maybe even add a line to load a CPU microcode file if you’re on Intel… there’s a lot of things to consider here.Honestly, I wouldn’t recommend EndeavorOS to you as a newbie, because it’s basically Arch, but by making the installation easy, you’re skipping all the knowledge you’d get of your system and how it works. And when it comes to situations like you’re in, you reach a roadblock because you took the easy path.
If you’re really interested in Arch then I’d recommend wiping your system and install Arch manually, the Arch way.
GRUB works just fine with LUKS2 these days. There is no need to switch bootloaders.
Apparently there’s still some limitations, according to the Arch Wiki:
There is this patch, although I have not tested it myself. There is always
cryptsetup luksAddKey --pbkdf pbkdf2
.That patch looks promising. But I wouldn’t recommend PBKDF2, I mean if you’re going to go thru the trouble of converting to LUKS2 for stronger encryption, might as well go for Argon2.
deleted by creator
I guess I’ll wait a few years until it’s worth upgrading encryption.