My laptop isn’t under my supervision most of the time. And I’d hate it if someone were to steal my SSD, or whole laptop even, when I’m not around. Is there a way to encrypt everything, but still keep the device in sleep, and unclock it without much delay. It’s a very slow laptop. So decryption on login isn’t viable, takes too long. While booting up also takes forever, so it needs to be in a “safe” state when simply logged out. Maybe a way that’s decrypt-on-demand?
I’m on Arch with KDE.
I’m pretty sure all the major distros have FDE as an option in the installer its just never on by default. Fedora does the same but with BTRFS on LUKS. I’m sure Debian does. Someone else says OpenSuse does. Maybe some derivative distros don’t but I suspect the ones with an graphical installer do.
Except PopOS, as I understand it. IMO that is a major point in its favor and against its competitors, given the dominance of laptops today. I see no reason why this is still opt-in, rather than opt-out as on mobile OSs.
I think PopOS can safely assume that its being installed on a laptop with only one drive. If there’s multiple drives involved then the setup gets far more complicated as you then must go to something like an LUKS on LVM setup. Basically, for a desktop there’s no safe defaults for FDE.
Sure, but in that case the default encryption could easily be switched off for multiple-drive setups. Basically, the default setting is what’s important.