We've been working through some issues with disk encryption in the installer and have them sorted out.
What was happening
A serialization mismatch between the UI and the installer backend meant the encryption type was never being read correctly, so LUKS was silently skipping setup entirely or incorrectly configuring encryption.
What's fixed
- LUKS encryption now actually sets up correctly during installation
- TPM2 auto-unlock works (tested in VM with swtpm and on real hardware)
- The TPM2 option is now hidden on systems without a TPM device
- Done page passphrase reminder only shows when you actually set up encryption
- Secure Boot enrollment notice only shows if the key was enrolled during that specific install
Two encryption options are available
| Option | Description |
|---|---|
| Passphrase | Standard LUKS2 software encryption. Works on any hardware, you enter your passphrase on every boot. |
| TPM2 auto-unlock | Unlocks automatically on boot using your TPM chip, falls back to passphrase if TPM fails. Requires TPM2 + Secure Boot for full security. |
If you previously installed with encryption enabled and it didn't seem to work — that's why. A fresh install will set it up correctly now.
Download
All Isos are avalible at https://rakuos.org/download