Debian 12 issues
Debian 12 issues
Hello, I’m looking into Debian 12. Here are your questions rephrased:
- When I choose this setting, will the entire drive be encrypted? I’m unsure how to adjust it manually, but the guide suggests only `sda5_crypt` is protected. What about the root, swap, and boot partitions? I’ve heard leaving them unencrypted might expose data.
- Which ISO should I get? I plan to use Xfce as my desktop environment.
- Does this version support an NVIDIA GPU? I’ve read some alternatives include non-free components, so I’m assuming I’ll need that if I want to boot with an NVIDIA card. Ideally, I’d like a minimal, open-source setup. I’m not sure which device offers the best free software options.
The last item (SCSI1) is the physical disk. It contains two partitions, one primary partition for "boot" and one logical partition containing an encrypted volume (sda5_crypt). The boot partition can't be encrypted, because your BIOS needs to be able to read it to kick off the actual boot process, which then needs to be able to prompt you for the Encryption Passphrase. The passphrase is required to unlock the actual encryption key, which unlocks the encrypted volume to make your data accessible. The encrypted volume (sda5_crypt) contains the Volume Group (VG) "debian-vg" of the Logical Volume Manager (LVM). This volume group in turn contains two Logical Volumes (LV), one for the root partition (/), containing all of your data, and one for swap. So everything, except for the small boot partition, is encrypted. I want to point out two things: Be aware of the possible drawbacks of encryption. If you lose access/forget the passphrase, your data is toast. If the boot partition gets messed up (had that happen to me) your data is toast unless you know your way around the Grub rescue mode. So be sure to keep backups . Debian's primary goals are stability and security. That makes it very suitable for servers that need to have high uptime. It's not as suitable for a desktop, because a lot of the software that comes with it will be old. Very old (but well maintained and full of security patches). If you want something more desktop oriented that is based on Debian, use Ubuntu (or Xubuntu for Xfce).
I understand the confusion. The numbering seems inconsistent, and it's unclear why #5 is labeled differently from #2. It’s not obvious where the swap and root partitions are located within sda5_crypt. You’d need to check the installation details or documentation to confirm their placement. I’ll download the ISO and proceed as planned. I believe the installer can automatically determine optimal sizes based on your RAM, which is a good assumption. I won’t risk anything and will follow the instructions carefully. Thanks for your feedback.
snda5_crypt is an encrypted storage that root and swap operations will focus on. The boot process stays unencrypted, yet there’s no personal data stored inside. This addresses concerns about security in the /boot area, which is what secureboot and TPM were built to handle. Even with system encryption enabled, the partition remains unencrypted. You can confirm this by acknowledging both yes and no—swap mainly impacts hibernation (also called Suspend to Disk). If you don’t use hibernation, you’ll need less swap than your RAM allows, since hibernation just moves RAM into swap for a lower power state than sleep. I think the firmware keeps the motherboard active, not the system RAM.