[drej]

What’s the story with full disk encryption on Ubuntu these days? Last time I checked (a while ago) it was a bit clunky, but now I’m considering a Linux desktop after 10 yrs of macOS and filevault, so checking my options. Thanks!

[pedrocr]

What was clunky? The installer supports it and then all you have to do is insert the password on boot.

[input_sh]

The initial setup is definitely easy, but I wish additional setup would have a graphical interface. Notably, changing or removing a passphrase, both of which should be tucked away somewhere in the settings.

Your current options are gnome-disks and cryptsetup, and the former simply didn't work with long passphrases last time I dabbled with it.

It's also quite difficult to encrypt an existing setup without formatting the drive. You'd need to unmount your root partition, and since you can't do that from a running system, you'd need to boot off of a USB stick first. BitLocker is definitely easier in that regard.

[kadoban]

I stopped using it recently, but cryptsetup (with luks if it matters) definitely allows passphrases. I think my longest was ~50 characters? Not sure if you were going beyond that.

I can't seem to find any old (or new) complaints about it limiting, or anything about a fix for same. You sure it was that?

[input_sh]

My mistake, I wanted to write that gnome-disks struggled with longer passphrases, not cryptsetup.

I've edited my comment above to fix that mistake.

[lukeschlather]

When I got a XPS 13 ~4 years ago full disk encryption didn't work at all on Ubuntu due to the NVME drive and Dell support had no workarounds and neither did the internet. I certainly hope it's fixed by now.

[nmstoker]

Interesting, I've had no problems with full disk encryption on my XPS 13 from around then but I did switch to Arch Linux at the same time I was setting it up.

[RandomBacon]

It's click-and-go, unless you want to manually set up different partitions for home, root, etc.

[blfr]

The installer will create an encrypted LVM for you. Zero hassle.