> When individuals speak of doing “big fist pumps” after their Arch installs successfully boot<p>After <a href="http://linuxfromscratch.org/" rel="nofollow">http://linuxfromscratch.org/</a> and <a href="https://gentoo.org/" rel="nofollow">https://gentoo.org/</a>, Arch seems a relatively smooth project.<p>> This was my journey to my first install. It was an encrypted one.<p>OK, this might be on the gnarly side.<p>Arch is that fellow in the neighborhood who doesn't say much, seems generally squared away, and is great to know when the fertilizer hits the air circulator.<p>Thanks, Arch!
If anyone is tempted to try encrypting their boot partition like I was last week, allow me to save you some trouble.<p>Yes, GRUB can technically decrypt a LUKS1 partition, but since the kernel isn't running yet, it has to use a standalone (slow) implementation. Takes my laptop 30 seconds to decrypt the boot partition using GRUB, and 2 seconds to decrypt the root partition once the kernel has started (same number of iterations).<p>I'm planning on replacing this mess with a systemd-boot EFI image and secure boot using my own PK.
>While you could deniably encrypt any system the mid-2014 Mac is special because it had a battery recall. The recall repair work gave owners the perfect excuse to shred their devices using crypto-randomness prior to service.<p>Do people really expect this stuff to hold up in court? Especially when you've written an entire public blog post on how to deniably encrypt one