My laptop isn’t under my supervision most of the time. And I’d hate it if someone were to steal my SSD, or whole laptop even, when I’m not around. Is there a way to encrypt everything, but still keep the device in sleep, and unclock it without much delay. It’s a very slow laptop. So decryption on login isn’t viable, takes too long. While booting up also takes forever, so it needs to be in a “safe” state when simply logged out. Maybe a way that’s decrypt-on-demand?

I’m on Arch with KDE.

  • UnRelatedBurner@sh.itjust.worksOP
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    Okay I just had a bit of freetime to test it: doesn’t work… if I log out or sleep, my home dir is still mounted. Meaning it’s as good as nothing. Looked at the plasma fix, didn’t work. I have a pretty good lead, that I need the topmost template from some wiki:

    [Unit]
    PartOf=graphical-session.target
    

    Problem is, where in the world should I write this? I really don’t expect you to know, but maybe I’m talking to a genius. The internet didn’t help, or I used it wrong.

    • thepiguy
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      The template is supposed to be something that you put in your own systemd services. plasma-kwin_x11.service and plasma-kwin_wayland.service both already have it.

      If I have to guess, it is probably a bug that will get fixed sometime in the future, meaning this is not a viable solution until then. Sorry for that.

      Just as a last bit of troubleshooting, check if cat ~/.config/startkderc shows systemBoot = true. If it does not, run kwriteconfig6 --file startkderc --group General --key systemdBoot true. I doubt this will change much, but still worth trying.

      If I get some free time, I will do some testing and let you know here

      • UnRelatedBurner@sh.itjust.worksOP
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        cat ~/.config/startkderc returns systemdBoot=true. I’m guessing you made a typo and this is correct. In this case I guess it just doesn’t work on KDE, my next idea is LUKS on /home and hibernating instead of sleeping. Or I always wanted to try a tiling window manager… hm

        • thepiguy
          link
          fedilink
          arrow-up
          2
          ·
          4 months ago

          systemdBoot is supposed to be true, not a typo. But yeah, I don’t use plasma much so I don’t really know how to solve the issue… Sorry for that!

          • UnRelatedBurner@sh.itjust.worksOP
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            No problem, thanks for the help. Also I got news is that I don’t have to trust anyone with my laptop, I can keep it by my side after all. Still it’s a security mesure, that I didn’t solve in time. fun fact: LUKS on /home only breaks KDE. I really don’t want to give up kde tho, I put on sway, realised that I needed to memorise console commands to change my fking volumes, so no thank you. I got spoiled by sweet UIs. it’s so comfortable that everything is at one place.