 Linux is amazing. I think that everybody who watches this channel probably agrees with that. It's also very secure. Some people may not agree with that, but depending on how you look at it, Linux is actually much more secure than any other operating system on Earth. But most of that is security through obscurity. Linux is just so minimally used that the biggest hackers and stuff are just not gonna go after it. Now there is Linux malware and stuff like that, but most of that stuff is mostly pointed towards Linux on the server. Chances are the malware you would encounter on the Linux desktop is probably cryptocurrency malware-related stuff and even even that is very very rare. But there are things that we can do to make our Linux installs even more secure. And one of those things is to encrypt the install itself. So what I wanted to do today is actually go through an install Ubuntu in a VM and show you how disk encryption will actually work. Now I'm not going to get too much into the technological details of how encryption works and how you know it creates a secure disk drive and all this stuff. Mostly because I can't, I don't understand it and it's just beyond me to actually discuss those technological details. And I don't want to do that without actually having my head around it. But I can go through and show you how it works if you were to install your Linux distro with encryption enabled. At the end of the video I would like to answer the question should you encrypt your Linux install? So let's go ahead and install Ubuntu and see what Linux disk encryption looks like. Okay, so we're gonna go ahead and launch Ubuntu here in a virtual machine and we're gonna install it. And I'll show you how encrypting Ubuntu works. It works pretty much the same on every other Linux distribution, at least that uses a graphical installer. If you're installing Arch or something like Gen2, it works differently. Mainly because you're using a command line interface and so on and so forth. Let's go ahead and install Ubuntu just like we would normally would and this is right and I normally do this opposite and we'll leave that the same. And here's where we're going to be doing something different. Normally what we do is we just leave this checked and hit install now. But what we want to do here is click advanced features and click use LVM with the new Ubuntu installation and then encrypt the new Ubuntu installation for security. You'll choose a security key in the next step. Press okay and then hit install. And then here is where things get interesting. So let me read this out in case it's a little hard to read. Unfortunately, I can't make this bigger without doing weird things like, you know, install guest additions. Discription protects your files in case you lose your computer. It requires you to enter a security key each time the computer starts up. So this is very important. In other words, if you're going to do this, you have to make sure you choose a security key that you're going to remember because if you don't remember it, getting it back is damn near impossible. That means you'll lose all of your data. So make sure if you do this, you choose a security key that you will remember. It's very, very important. So I'm going to go ahead and enter a security key that I know I'll remember. Okay. And it says it's a strong password. A recovery key is generated and will be temporarily saved to the live system. You can select an alternate location, save this file and keep it in a safe place elsewhere before rebooting. So what you want to do then is save this file here in a different location outside of the live environment so that you can get access to it before. If you lose the security key, all data will be lost. If you need to write down your security key and keep it in a safe place elsewhere, for more security over to write empty space, the installation will take much longer. Basically what that will do is go through and zero out your drive so that nothing else is on there. And you'd go through and save this outside of your network. Now, because I'm in a VM, I can't actually do this. But normally what I do is insert another like a USB key and I could save this to that USB key. But you'll want to save that. And you want, because you want this recovery key just in case you ever lose this security key. Otherwise, like I said, if you lose both of these things, your data is gone. You can't get it back. If you could get it back, I wouldn't know how you'd even go about doing it. So I'm pretty sure your data would be completely gone. So I'm just going to go ahead and you could even just write this down if you just wanted to write it down. If you didn't have a place to save it, whatever, doesn't matter. Obviously, I can show you this because this is a VM. I'm not going to be keeping it. There's no data on it anyways. So we'll just go ahead and hit install now. And of course, that's where the VM preps out because my install virtual box is horrible, but so I'm going to cut off here. I'm going to go through and redo this off camera and then I'll come back because like I said, virtual boxes is done. I've just hit install again. I've redone it and it appears to be working this time. You won't have that problem. That's just a me problem. I don't know what the hell is going on with my virtual box. Everything on this computer is going to shit. I don't know what the hell is going on. It doesn't matter. Moving on. After this part, the installation should be exactly the same. You may notice that the installation is slower than it would normally be if you weren't encrypting, especially if you're on a machine that has lower end resources. And that's something we'll talk about a little bit later when we're talking about pros and cons. But for the most part, the installation should be exactly the same after this point. So we're just going to go ahead and hit continue. And you'll enter your username and password. Now this is the username and password of the account. You should not use the same password that you used for your security key. You should use a different one, just in case this one here gets compromised somewhere else. It shouldn't, but just in case. And we'll hit continue. And then it's just going to install. Now, like I said, this may take longer than what it normally would because it is encrypting your drive. So while it's doing this, we can talk a little bit about pros and cons of whether or not you should encrypt your drive. So the first pro obviously is that your computer is more secure. If somebody gets physical access to your machine and it's off, they won't be able to actually access your machine without that security key that you set up. Another thing is it makes your computer a little bit harder to crack into remotely. It's not necessarily going to prevent it completely, because if you somehow download malware that gives access to your machine, like inside of your machine, the security key won't do you much good. But it does prevent outside attacks from happening, or at least it should. Another one is that it can protect outsiders data. Like if you're doing this for work or something like that, this may very well be required of you to have your computer encrypted in some form or fashion. Now, like if you're using Windows and stuff like that, they have built in encryption as well. And a lot of companies mandate that that's the case. And this at least allows you to use the Linux instead. So if you're protecting very valuable information of others that you don't really want to get out there, this is something that you should definitely look into. Now, as for cons, why you wouldn't want to do this, data recovery is basically impossible on an encrypted drive. It's not something that would be very easy to do if possible at all. So if your drive fails or whatever, or you lose it, or you lose your security key, chances are that data that's on that drive is gone. So that's a big deal. If you're one of those people who just cannot remember a password to save your life, probably don't encrypt your drive because you're just going to lose your password and lose all your data. And that'd be horrible. Another thing is, is if you're on a very low end machine that doesn't have a lot of memory or CP usage, you can notice that your machine will take longer to boot up and shut down because encrypting your data and unencrypting it or decrypting it in order to get into it can take some computer resources. On most modern machines, you probably won't even notice the difference, at least in my experience. So the question is, should you encrypt your machine? And the answer to that question kind of depends. If you're on a desktop and nobody else has access to your computer, whether you do or don't is really up to you. I personally don't, on my main machine, most of the time it just is a step that I don't care to take. Really it's 50-50 and whether or not I do or don't, this time I didn't, next time I probably will, whatever. On a laptop, I always do because those are machines that are meant to be on the go. If I lose it, I want it to be as secure as possible. So really for you, what you're looking at and trying to decide whether or not you want to do this or not is whether or not anybody else has access to your computer, whether or not you have the resources to do so. If you're running a low end machine, you may not want to. And also whether or not you're required to do it because if you're required, then you don't really have a choice anyway. You should just do it. You will find some Linux advocates that tell you to do this no matter what. I'm more of a personal choice kind of guy. I think it's really up to you. There are other ways you can go through and protect your sensitive data if you want to not encrypt your whole Linux installed because like I said, maybe you don't have the horsepower to actually do it. You could go through an external drive if you wanted to or you could go through and use certain BitLocker type applications that could encrypt just specific files or whatever so you don't have to encrypt the whole thing. Any of those things are other options to doing this because this right here is not a failsafe against everything because if your computer is actually on, like if your computer is on and all it's protecting is that one password that you, you know, your strong and complicated password, you know, that you use to actually log into the system, you know, security, your secure key for your LVM install isn't actually going to help you. So encrypting your Linux install is just one facet of a plan to protect your data. It's not the whole plan. So let's go ahead and show you what you'll encounter if you've encrypted your Linux install. So let's go ahead and hit restart now and I may actually have to go through and exit, remove the installation medium. I don't remember if I have to do that with Ubuntu or not. Sometimes with virtual box you do, sometimes you don't. Anyways, so this right here is what you'll see on reboot before you can actually get into anything. So this is what Ubuntu will look like. Some other distros will be completely text based. You won't see a logo or anything. It'll just say enter your security key or whatever. I know archers like that, but this is what Ubuntu looks like. So you just want to enter your security key and then hit enter. And then it will put its proceed to boot up as normal, supposedly. Don't, don't make me lie or Ubuntu. There you go. All right. I mean, then you can just enter your regular password like you normally would and it would launch you into the beautiful GNOME desktop. And that is how encryption works on the Linux desktop. Now this is, like I said, this is specific to Ubuntu just the way I showed you now, but it works basically the same on every other Linux distro. No matter what installer they use, as long as it's graphical, they all have options for LVM or some other form of encryption. And it's usually just one added step. You click the box that says that you want to do it. You enter your security key probably on the next screen. You install like normal, you reboot, you enter that security key and you're done. So bottom line, should you encrypt your install? Personally, like I said, sometimes they do, sometimes they don't really depends on the mood, especially on my desktop here. Nobody else has access to this computer other than me. And I use a tiling window manager. The other people who live in my household would take one look at this and not know how to do anything to it. So it's not a big deal. With my laptops, I always do. So that's really the thing is if somebody else has access to your computer, you should definitely do it. The only reason why you wouldn't do it is if the laptop you have doesn't have the horsepower to do it. And even then, you may be able to get by and do it, you'll just notice a slower startup time than normal. So because once you get past the encryption part, it should run like normal. So anyways, that is it for this video. If you have any questions, comments, all that stuff, leave them in the in the comments below. Make sure you like and subscribe. We're getting very, very close to 3000 subscribers. We may actually be there by tonight, but it may be tomorrow. Thanks everybody who subscribed. I really do appreciate it. Hit that thumbs up button. If you want to follow me on Twitter, you can do so at the Linuxcast Facebook at the Linuxcast, you can support me on Patreon, patreon.com slash Linuxcast before I go. I'd like to take you home to thank our current patrons, Devon, Marcus, Megalyn, Donnie, Sven, East Coast Web, Merrick, Camp and Mitchell. Thanks everybody for watching. I'll see you next time.