If I install PureOS on a Librem with full-disk encryption, what package/module/application is used? (I’m not sure if it lives in PureOS itself or the BIOS.)
From Jonas:
FDE (Full Disk Encryption) is applied independently of the boot firmware. Technically it is called “LUKS”, and the encryption is applied to “LVM” (narrow down your searches by looking for LUKS + LVM + Debian). [1]
Your laptop loads like this:
firmware → GRUB → Linux → Initramfs → LVM → LUKS → partitions → userspace
You can check which parts of your running system are encrypted with this command in a terminal:
lsblk
In the lsblk output you should be able to identify your disks (disk), conventional disk partitions (part), LUKS encryption (crypt), and LVM partitions (lvm).
[1] Helpful links (including some from Jonas):
- https://wiki.debian.org/LVM#Encrypted_LVM (How LUKS encrypts LVM in Debian-based distros)
- https://www.debian.org/releases/stable/amd64/ch06s03.html.da#di-partition (authoritative but seems somewhat confusing in that it talks about selections you can do for a single partition when setting up manually, but not how the default automated FDE is composed)
- https://gitlab.com/cryptsetup/cryptsetup/ (homepage)
- https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions (FAQ)
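The lsblk check described in the answer above can be automated. The following is an added example, not code from Jonas or from PureOS: it walks the tree that `lsblk --json` prints and reports, for each mount point, whether a crypt layer sits anywhere beneath it. The function names and the sample device names are assumptions made for illustration.

```python
import json
import subprocess

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output
# (illustrative layout, not captured from a real machine).
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "sda2_crypt", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg-swap", "type": "lvm", "mountpoint": "[SWAP]"}
      ]}
    ]}
  ]}
]}
"""

def classify(lsblk_json):
    """Return {mountpoint: (device, encrypted)} for every mounted device.

    A device counts as encrypted when it, or any device above it in the
    lsblk tree, has TYPE "crypt" (a dm-crypt mapping such as LUKS).
    """
    result = {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint:
            result[mountpoint] = (node["name"], under_crypt)
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return result

def live_lsblk():
    """Run lsblk on the current machine (requires util-linux)."""
    cmd = ["lsblk", "--json", "-o", "NAME,TYPE,MOUNTPOINT"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

if __name__ == "__main__":
    for mp, (name, enc) in sorted(classify(SAMPLE).items()):
        print(f"{mp:8} {name:12} {'encrypted' if enc else 'NOT encrypted'}")
```

Pass `live_lsblk()` instead of `SAMPLE` to check the running system; in the sample layout only /boot is reported as not encrypted.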