Hello everyone,
I’ve been using Fedora as my main OS on my desktop for about a month and a half now.
I want to do the same on my laptop—I’ve already installed Fedora 43 KDE (non-atomic) to test if my hardware is now properly supported (it wasn’t when I bought my Ultra Core 5; sound and Wi-Fi didn’t work at the time).
Since this is a laptop I’ll be carrying around, I miss one thing compared to Windows: the disk encryption I had with BitLocker.
I’d like to do something similar with Fedora, ideally starting from my current installation (but I can start from scratch if it’s easier), while keeping the convenience of BitLocker.
In the past, I tried disk encryption but didn’t like the two-step process: entering the passphrase, then the session password. I’m not sure how BitLocker works exactly, but the PC boots and you only have to enter the Windows password (unless there’s a BIOS change, like disabling Secure Boot).
On my Asus ROG Ally, I installed Bazzite and saw a command: ujust setup-luks-tpm-unlock, which, as I understand it, stores the passphrase in the TPM chip, avoiding the need to enter the passphrase at boot.
Is it possible to do the same on a vanilla Fedora 43 (non-atomic, KDE)? I should mention that I still have a dual boot with Windows, and Secure Boot is enabled.
During installation, I created an EFI partition (/boot/efi) and an ext4 partition (/boot) for boot, and a BTRFS volume with subvolumes: root (/), var (/var), and home (/var/home). So I suppose I’d only need to encrypt the BTRFS volume.
Could you point me to the steps I should follow or a not-too-complex guide that applies to my situation? I’m still a beginner.
Thanks!
(this is a translation from french, sorry if there is some mistake).
