OpenSUSE’s Aeon is up to its third release candidate as what was formerly known as MicroOS Desktop GNOME for a container-based, immutable desktop operating system. With the Aeon RC3 release, full disk encryption is enabled by default as an exciting development.
The openSUSE Aeon project has been aiming for comprehensive full disk encryption support that is also able to take advantage of the Trusted Platform Module 2.0 (TPM2) capabilities of modern systems. With today’s RC3 version that milestone has been achieved. OpenSUSE Aeon RC3 is making use of Full Disk Encryption by default and is automatically setup during installation. The default configuration is using a measured boot process with verification of the bootloader, initrd, and kernel prior to carrying out decryption of data. There is a fallback mode as well for passphrase-based decryption. More details on this full disk encryption support by default with openSUSE Aeon can be found via the RC3 release notes. Further information on this encryption support in Aeon can be found via the openSUSE Wiki with the encryption guide.
Those learning about Aeon for the first time can learn more about this immutable OS effort in general via the project site.
It’s wonderful seeing this materialize and hopefully many other Linux distributions will follow suit. Especially for Linux laptops used in production environments, full disk encryption is highly recommended but even for desktops and workstations can be quite practical too and the performance costs tend to be rather small with modern platforms.

- A word from our sposor -

openSUSE’s Aeon RC3 Released With Full Disk Encryption By Default