Disk decryption passphrase

Yes, I tried, and it worked.
Disks > SD Card Reader > Partition 2, 31 GB LUKS > Gears button > Change Passphrase…

Which part is encrypted with this passphrase? Where /home/purism is, or something else?

Whole disk except /boot.

Sometimes, after entering the correct disk decryption passphrase, it says something after 5-6 secs in the middle of the black screen as one line that it has to cancel something related to decryption. It’s to fast to memorize it. I will try to capture it with the cam of another mobile… Or do you know what the message could be and wants to say?

Just Reflashed my L5 Phone, but LUKS Disk Encryption is not enabled.

How to reflash to get LUKS Disk Encryption?

Use this HowTo:

1 Like

Isn’t LUKS disk encryption now standard with the reflash process?

From the first post in this topic it seems disk encryption is now standard on new L5s.

1 Like

With the delivery of a new L5. If you want to use the encryption you have to flash it with the HowTo :slight_smile:

Why this complicated way?

There must be a factory image with LUKS disk encryption which can be provided and used with the official Reflash procedure.

1 Like

I received my Librem5 this week. Disk encryption was enabled by default.

Yes, after entering the decryption passphrase correctly, it says for a short moment

cryptsetup: crypt_root: set up successfully

Sometimes it gives an error message, even when the passphrase was correct. It seems this happens, when the shutdown was not executed correctly. Will try to find the pattern and grab a video of the message.

1 Like

That’s most likely fsck.

I received my Librem 5 Evergreen today, after four years since my order. I put it in charge, without turning it on, the message “Enter disk decryption passphrase” appeared. Question, what is the passphrase of my device? and why is it required in the charging phase?

This is what you’re looking for – it’s the same for all phones that ship (until you change it). How to change each of them is in various responses to the post.

1 Like

Thanks, but i think it should be indicated on the “quick start guide”.

1 Like

We think so too:

I dont think so. I know fsck output for 30++ years. This message on the L5 in a one liner and says something about decrypt canceled....

Aaahhhhhhh that’s why it doesn’t work!! I changed the standard one (123456) for mine including numbers, letters and special characters!!!
And yes, it’s possible to change it by terminal commands line or setting in disk app! But it’d be a warning about this limitation! I did both ways without receive warning message :man_facepalming:
Anyway thank you for this info!
Now I’ve to flash again my L5 :sweat_smile:

PS: I found right now that also it’s suggested don’t use gnome disks to change password because it destroys encryption! So I’ve to change it just manually from terminal by commands line, correct?

1 Like

I modified my disk encryption password (only numbers!!!) throw gnome disks and it’s working!!!
Just to let you know!!
:blush::wave:

1 Like

I think in “the user passphrase can be changed in settings (but yes, for now it’s numbers only)” Dorota is talking about the login password that is associated with the purism user i.e. the password used to unlock the phone after initial boot and thereafter any time the lock screen activates.

That is quite separate from the disk encryption passphrase (the LUKS passphrase) that is used during the boot to access the content of an encrypted disk.

The only restriction on the disk encryption passphrase is that it should be printable ASCII characters only. It is not restricted to digits only.

However I admit that for changing both of these (disk encryption passphrase, purism password) for initial install, I used the command line. So I am not really across what restrictions or problems the corresponding GUIs might have.

To be honest, a digits-only disk encryption passphrase is probably not strong enough but a) as always, that depends on your threat model and b) even a shortish digits-only disk encryption passphrase is some kind of protection for the information on your phone in the event that your phone is subject to casual (untargeted) theft or loss.

2 Likes