It’s nowhere near as bad as people thought it would be. The idea is to provide secure secondary storage for various encryption keys and cryptographic signatures that is resistant to tampering and enables things like automatic decryption of your hard drive, verification that the boot code and kernel haven’t been modified, and things like that.
There are several theoretical use cases that are pretty awful (DRM enablement, OS lockdown through secure boot) that are possible but never came to pass.
I mean I don't know shit about it but if I was the NSA I would absolutely say "yeah let's have em all stick a special chip on the board that does cryptography that we definitely don't have direct access to somehow"
Desktop operating systems (Windows, Linux) are miles behind mobile operating systems (Android, iOS) when it comes to full disk encryption. Android and iOS do it out of the box and you don't even notice, but if you want to set something like this up on Windows or the vast majority of Linux distros, you really have to tread into the weeds. It would be a blessing for this to change.
I was thinking about this recently, for the myriad failings of mobile systems (non-free hardware and software, walled gardens, software design geared toward rent-seeking, etc.) they sure have great usability. Apps are rarely an incomprehensible mess when you first install them. Settings menus can get messy but it’s often easy enough to find what you need and quick settings are never more than a swipe away.
Desktop systems have tons of unaddressed pain points that have no reason to exist.
It’s nowhere near as bad as people thought it would be. The idea is to provide secure secondary storage for various encryption keys and cryptographic signatures that is resistant to tampering and enables things like automatic decryption of your hard drive, verification that the boot code and kernel haven’t been modified, and things like that.
There are several theoretical use cases that are pretty awful (DRM enablement, OS lockdown through secure boot) that are possible but never came to pass.
I mean I don't know shit about it but if I was the NSA I would absolutely say "yeah let's have em all stick a special chip on the board that does cryptography that we definitely don't have direct access to somehow"
Desktop operating systems (Windows, Linux) are miles behind mobile operating systems (Android, iOS) when it comes to full disk encryption. Android and iOS do it out of the box and you don't even notice, but if you want to set something like this up on Windows or the vast majority of Linux distros, you really have to tread into the weeds. It would be a blessing for this to change.
I was thinking about this recently, for the myriad failings of mobile systems (non-free hardware and software, walled gardens, software design geared toward rent-seeking, etc.) they sure have great usability. Apps are rarely an incomprehensible mess when you first install them. Settings menus can get messy but it’s often easy enough to find what you need and quick settings are never more than a swipe away.
Desktop systems have tons of unaddressed pain points that have no reason to exist.
Linux MInt gives you the option for encryption during install. Either home partition or entire disk. I've had full disk encryption for years.