I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.
Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft’s terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!
This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers
Yeah, i know; EUFI computers really suck, turning away the script kiddies and most people that would steal this computer from my data is is the most i can with this thing