Store Page
Steam Deck
All Discussions Artwork Videos News Guides Reviews

Steam Deck

Store Page
Steam Deck > General Discussions > Topic Details
Briggs Jul 31, 2021 @ 12:55pm
Drive encryption?
For mobile devices, security is important. I hope Valve allows for LUKS or something similar.
< >
Showing 1-15 of 19 comments
Silence Jul 31, 2021 @ 1:01pm 
its a Linux, if you want you could install is again with encryption enabled.
#1
Briggs Jul 31, 2021 @ 1:05pm 
Originally posted by Silence:
its a Linux, if you want you could install is again with encryption enabled.
Sure, I did that with my laptop. I put /boot on a USB drive with a file created from reading from /dev/random as a key. That doesn't mean I want to do anything like that again. Just because I can do something, doesn't mean I feel comfortable doing so, especially when it's something like LUKS that if done wrong can end very badly.
#2
Darzai Jul 31, 2021 @ 7:18pm 
Originally posted by Briggs:
For mobile devices, security is important. I hope Valve allows for LUKS or something similar.

It is an open system. SteamOS is a linux distribution based on Arch. You can install whatever.
#3
Nemesis Aug 1, 2021 @ 5:04am 
I wonder if steamos gives an option to use a terminal that would be cool with a little onscreen keyboard
#4
logith Aug 1, 2021 @ 5:15am 
Originally posted by Nemesis:
I wonder if steamos gives an option to use a terminal that would be cool with a little onscreen keyboard
It's literally a Linux computer, having a terminal is basically a given. I guess we don't know completely if you can use it in handheld, but plugging it in like a desktop you can most definitely, I see no reason why it wouldn't be there
#5
WarnerCK Aug 1, 2021 @ 5:45am 
Originally posted by logith:
Originally posted by Nemesis:
I wonder if steamos gives an option to use a terminal that would be cool with a little onscreen keyboard
It's literally a Linux computer, having a terminal is basically a given. I guess we don't know completely if you can use it in handheld, but plugging it in like a desktop you can most definitely, I see no reason why it wouldn't be there
I'm pretty sure it's just going to be
add konsole as a non-Steam application ; done
#6
Haruspex Aug 1, 2021 @ 10:49am 
Originally posted by Nemesis:
I wonder if steamos gives an option to use a terminal that would be cool with a little onscreen keyboard

The on-screen keyboard was shown in the IGN preview footage, and an "exclusive" on-screen keyboard skin is one of the bonuses for buying the $650 version. I will literally live-stream footage of me eating my hat if the Deck is released and there's no way to get to the terminal. I expect it will be as simple as exiting Steam big-picture mode and opening Konsole from the desktop.
#7
Ledow Aug 6, 2021 @ 6:03am 
How would you enter the decryption key / PIN, before the OS started and things like the onscreen keyboard were running? Things like Bitlocker do it with UEFI touchscreen drivers and appropriate OSK support, etc. in the device at a BIOS level. I highly doubt the Steam Deck would have that as a major consideration, to be honest.
#8
Briggs Aug 6, 2021 @ 6:13am 
Originally posted by Ledow:
How would you enter the decryption key / PIN, before the OS started and things like the onscreen keyboard were running? Things like Bitlocker do it with UEFI touchscreen drivers and appropriate OSK support, etc. in the device at a BIOS level. I highly doubt the Steam Deck would have that as a major consideration, to be honest.
On my laptop, I use a USB drive as a sort of physical key. But yeah, that seems like an unlikely thing. :(
#9
Insomnus Aug 6, 2021 @ 6:29am 
Originally posted by Ledow:
How would you enter the decryption key / PIN, before the OS started and things like the onscreen keyboard were running? Things like Bitlocker do it with UEFI touchscreen drivers and appropriate OSK support, etc. in the device at a BIOS level. I highly doubt the Steam Deck would have that as a major consideration, to be honest.

The steam controller by default without steam running works as kbm with a very basic mapping, and possibly with the deck's controls. It could be expanded upon if they haven't already.
#10
Tony Sep 6, 2022 @ 8:29pm 
OP, sorry that you didn't get anything useful here. Did you post this anywhere else and get any actually helpful reply?

I'm thinking I'll try fscrypt, at least it will encrypt my home directory (or if that doesn't work, some subdirectory). It won't involve reinstalling everything, and it will allow steam to start up normally. So it can be a compromise that works. I haven't got it in hand yet.
#11
PopinFRESH Sep 6, 2022 @ 8:33pm 
Originally posted by Tony:
OP, sorry that you didn't get anything useful here. Did you post this anywhere else and get any actually helpful reply?

I'm thinking I'll try fscrypt, at least it will encrypt my home directory (or if that doesn't work, some subdirectory). It won't involve reinstalling everything, and it will allow steam to start up normally. So it can be a compromise that works. I haven't got it in hand yet.

holy necro batman.
#12
Tony Sep 6, 2022 @ 8:54pm 
The Deck took looooong to come :)
#13
PopinFRESH Sep 6, 2022 @ 9:09pm 
Originally posted by Tony:
The Deck took looooong to come :)
lol :winter2019joyfultearssnowman: fair point.
#14
Tony Sep 14, 2022 @ 8:57am 
I received the Deck and I discovered Steam Deck already offers some solutions to this.

For anyone still here, or anyone stumbles upon this thread, here's what I ended up doing, arranged in terms of difficulty low to high.

1. From Steam -> Settings -> Security, set a pin for all three options.

2. From desktop, set a pasword by typing
passwd

3. Set hard disk passwords from BIOS. This should give reasonable level of protection on boot.
* Additional Notes: I am guessing this uses ATA protection[www.admin-magazine.com] supported by the hard disk at hardware level. I am pretty sure but not 100% sure. It should be possible to confirm this by running
hdparm -I /dev/nvme0n1
(for which you'd need to install
sudo pacman -S hdparm
by disabling the read only mode temporarily).

4. (Non-trivial for beginners, chance of data loss if you're not careful) If you're using an SD card, it is not secured by Steam.
* Do this only if you are comfortable with tinkering. The possible worst case scenario is that you'll reformat your Steam drive by error, which is a major inconvenience so be careful.
* You will need to (re)format it with encryption. I did it manually, but you can should be able to use KDE partition manager GUI from Desktop if it is included. While you're at it, might as well use btrfs instead of ext4 (it allows compression and subvolumes).
* You'll need to unblacklist the tpm module, or you'll not be able to mount it. Edit
/etc/default/grub
to carefully remove it then run
update-grub
and reboot.
* You'll also need to be able to mount it on boot. There are several ways to do that. I ended up with using a system service, because I didn't want to put this on /etc/crypttab as it can stop the boot process if the sd card stops working. May be doable with GUI too (if you ask the file browser to mount and remember password, that might work too - but I haven't tested).
* Wherever you mount it, open Steam in Desktop mode and add it as a path for downloads.

As you can see 1-2-3 are simple enough and will secure your device except SD card.

Item 4 is non-trivial (and you'd perhaps not need it) but it seems to be the only way to secure the SD card at the moment. It can also make it difficult to swap around multiple SD cards (I use a single large one).
Last edited by Tony; Oct 20, 2022 @ 12:30pm
#15
< >
Showing 1-15 of 19 comments
Per page: 1530 50

Steam Deck > General Discussions > Topic Details
Date Posted: Jul 31, 2021 @ 12:55pm
Posts: 19

Discussions Rules and Guidelines