Veracrypt has a feature on windows that we don't seem to have on Linux, namely, hidden OS. Also hidden non-system containers.
This is extremely problematic as LUKs encrypted containers that are clearly encrypted, are almost USELESS in creating privacy from the authorities.
In many jurisdictions now, it is illegal if passwords to encrypted computers etc., are not handed over when requested - punishable by prison. I wouldn't want to go through any border control with a LUKS encrypted laptop, which because of such laws is the same as having a decrypted laptop with you.
Plausible deniability resolves this issue, as it can't be illegal to not provide a password, if it cannot be proved there is a hidden container. You can provide a password to the outer container which will be a dummy one.
As such, I've always looked out for a practical and easy solution like veracrypt where
- We can create an outer dummy Manjaro dummy install.
- We can create a hidden real Manjaro install
- Password A on boot takes us (1). password B takes us to (2)
The same for file/partition containers.
4. Dummy outer layer
5. Hidden inner volume.
Until now, there was no practical solution, but it seems a project has been created in linux to address this very serious problem.
Hidden LUKS on operating system partition
Hidden LUKS on non-operating system partition.
I've asked Calamares to utilise the above 2 projects into operating system installations.
However, they've said they will only incorporate if a distro first incorporates, making it feasible and workable for them to work with that distro and incorporate into Calamares.
Could the developers please please consider incorporating the DELUKS projects to allow a Hidden Manjaro boot, as its much needed.
ps. It would also be helpful in the meantime, if the boot screen didn't identify that a LUKs encryption password is required. Veracrypt gives this option by allowing custom login prompts. Instead of asking for password, we can simply display 'Hard Disk Error'. If a good password is entered, then it boots. If a bad password is entered, it doesn't response or give any error messages which would show a LUKS container is present. This prompt must be customisable by the user, to avoid being an indicator of a standard dummy prompt.