As far as I know, the Asahi Remix installer script doesn’t offer the option to set up an encrypted root partition at installation, as the anaconda installer does, just a selection of curated package sets for different desktop environments/use cases. It is possible to manually set up encryption post-installation, though it is a significant increase in bother. Are there any plans to add this to the installer?
Here’s a guide from David Alger that details how you can deploy Fedora Asahi Remix with LUKS:
However, there are a few things that have changed since the guide was first written (copied here from Leif Liddy’s Matrix chat earlier this month):
- The
cryptsetup cracklib cracklib-dictsrpms are now included in the main image (and the USB image). - You now need to run the following commands in U-Boot to boot a USB drive:
env set boot_efi_bootmgr
run usb_boot (or bootcmd_usb0)
- The USB install has a
chroot.asahicommand built into it that will mount the internal drives under /mnt and then chroots into it (link).
Moreover, when you use arch-chroot (vs just chroot) you don’t have to bind mount the /dev, /proc, /sys…etc directories - it’ll do that for you.
You’ll also notice that the guide uses Leif’s installation script, which is nearly identical to the official one but with a few improvements.
Glad to see the first reply marked as a solution, because it is a very nice rundown on how to get that set up right now (especially with the follow-up conte{n,x}t, I appreciate the diligent and thoughtful reply @jasoneckert).
That said, I’m slightly worried that having an official “answered”/“solved” status will bury the actual question: are there any plans to add options with disk encryption to the asahi installation script? It seems that the point at which it would be simplest to encrypt a partition is when they’re being created. (In theory, at least: I’m quite willing to believe that the installation script being run in macOS userland complicates that tidy little mental image).
To be clear, I ask out of curiosity and perhaps to register interest; I’m grateful to the folks working on the huge pile of other tasks needed to get the asahi remix ready to release and do not feel particularly entitled to complicate that roadmap 
1 Like
No problem 
Whether the installer will support LUKS in the future was asked on the Matrix chat earlier this month, and as you suspected, Hector Martin noted that it is “planned for the future but not right now. it needs quite a bit of integration/investigation to figure out how to offer that option reasonably and safely.”
From February onwards, that chat also has great commentary and information regarding LUKS implementation options/considerations specifically for Fedora Asahi Remix.