Data-at-rest encryption (ArchWiki revision of 2018-08-26T17:07:59Z, https://wiki.archlinux.org/index.php?title=Data-at-rest_encryption&diff=537847)<p>Powersource: minor typo</p>
<hr />
<div>[[Category:Disk encryption]]<br />
[[es:Disk encryption]]<br />
[[it:Disk encryption]]<br />
[[ja:ディスク暗号化]]<br />
[[pl:Disk encryption]]<br />
[[zh-hans:Disk encryption]]<br />
{{Related articles start}}<br />
{{Related|dm-crypt}}<br />
{{Related|TrueCrypt}}<br />
{{Related|eCryptfs}}<br />
{{Related|EncFS}}<br />
{{Related|gocryptfs}}<br />
{{Related|Tomb}}<br />
{{Related|tcplay}}<br />
{{Related|GnuPG}}<br />
{{Related|Self-Encrypting Drives}}<br />
{{Related articles end}}<br />
This article discusses [[Wikipedia:Disk encryption|disk encryption]] software, which encrypts and decrypts data on the fly as it is written to or read from a [[Wikipedia:Block device|block device]], [[disk partition]] or directory. Examples of block devices are hard drives, flash drives and DVDs.<br />
<br />
Disk encryption should only be viewed as an adjunct to the existing security mechanisms of the operating system - focused on securing physical access, while relying on ''other'' parts of the system to provide things like network security and user-based access control.<br />
<br />
==Why use encryption?==<br />
<br />
Disk encryption ensures that files are always stored on disk in an encrypted form. The files only become available to the operating system and applications in readable form while the system is running and unlocked by a trusted user. An unauthorized person looking at the disk contents directly will only find garbled random-looking data instead of the actual files.<br />
<br />
For example, this can prevent unauthorized viewing of the data when the computer or hard-disk is:<br />
* located in a place to which non-trusted people might gain access while you are away<br />
* lost or stolen, as with laptops, netbooks or external storage devices<br />
* in the repair shop<br />
* discarded after its end-of-life<br />
<br />
In addition, disk encryption can also be used to add some security against unauthorized attempts to tamper with your operating system – for example, the installation of keyloggers or Trojan horses by attackers who can gain physical access to the system while you are away.<br />
<br />
{{Warning|Disk encryption does '''not''' protect your data from all threats.}}<br />
You will still be vulnerable to:<br />
* Attackers who can break into your system (e.g. over the Internet) while it is running and after you have already unlocked and mounted the encrypted parts of the disk.<br />
* Attackers who are able to gain physical access to the computer while it is running (even if you use a screenlocker), or very shortly ''after'' it was running, if they have the resources to perform a [[Wikipedia:Cold boot attack|cold boot attack]].<br />
* A government entity, which not only has the resources to easily pull off the above attacks, but also may simply force you to give up your keys/passphrases using various techniques of [[Wikipedia:Coercion|coercion]]. In most non-democratic countries around the world, as well as in the USA and UK, it may be legal for law enforcement agencies to do so if they have suspicions that you might be hiding something of interest.<br />
<br />
A very strong disk encryption setup (e.g. full system encryption with authenticity checking and no plaintext boot partition) is required to stand a chance against professional attackers who are able to tamper with your system ''before'' you use it. And even then it cannot prevent all types of tampering (e.g. hardware keyloggers). The best remedy might be [[Wikipedia:Hardware-based full disk encryption|hardware-based full disk encryption]] and [[Wikipedia:Trusted_Computing|Trusted Computing]].<br />
<br />
{{Warning|Disk encryption also will not protect you against someone simply [[Securely wipe disk|wiping your disk]]. [[Backup programs|Regular backups]] are recommended to keep your data safe.}}<br />
<br />
== System data encryption ==<br />
<br />
While encrypting only the user data itself (often located within the home directory, or on removable media like a data DVD) is the simplest and least intrusive method, it has some significant drawbacks.<br />
In modern computer systems, there are many background processes that may cache and store information about user data or parts of the data itself in non-encrypted areas of the hard drive, like:<br />
<br />
:* swap partitions<br />
:** (potential remedies: disable swapping, or use [[encrypted swap]] as well)<br />
:* {{ic|/tmp}} (temporary files created by user applications)<br />
:** (potential remedies: avoid such applications; mount {{ic|/tmp}} inside a [[ramdisk]])<br />
:* {{ic|/var}} (log files and databases and such; for example, [[mlocate]] stores an index of all file names in {{ic|/var/lib/mlocate/mlocate.db}})<br />
<br />
The solution is to encrypt both system and user data, preventing unauthorized physical access to private data that may be cached by the system. This however comes with the disadvantage that unlocking of the encrypted parts of the disk has to happen at boot time. Another benefit of system data encryption is that it complicates the installation of malware like [[Wikipedia:Keystroke logging|keyloggers]] or rootkits by someone with physical access.<br />
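<br />
The following audit of the leak locations listed above is an added example, not part of the original article. It assumes a Linux system whose encryption, if any, is dm-crypt (it recognises mappings by the {{ic|CRYPT-}} prefix that cryptsetup gives their device-mapper UUID and does not detect eCryptfs or self-encrypting drives); all function names and the sample data are constructed for illustration.<br />

```python
import os

ENCRYPTED, PLAINTEXT, RAM = "encrypted", "plaintext", "ram-only"

def backing_mount(path, mounts_text):
    """Return (device, fstype) of the deepest mount point containing `path`."""
    best = ("", "", "")
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        dev, mnt, fstype = fields[:3]
        inside = mnt == "/" or path == mnt or path.startswith(mnt + "/")
        if inside and len(mnt) >= len(best[1]):
            best = (dev, mnt, fstype)        # later entries shadow earlier ones
    return best[0], best[2]

def on_dm_crypt(name, dm_uuid, slaves):
    """True if kernel device `name` is a dm-crypt mapping, or is stacked
    (e.g. an LVM volume) exclusively on top of dm-crypt mappings."""
    if dm_uuid(name).startswith("CRYPT-"):
        return True
    below = slaves(name)
    return bool(below) and all(on_dm_crypt(s, dm_uuid, slaves) for s in below)

def classify(dev, resolve, dm_uuid, slaves):
    name = resolve(dev)
    if name.startswith("zram"):              # compressed RAM, never hits the disk
        return RAM
    return ENCRYPTED if on_dm_crypt(name, dm_uuid, slaves) else PLAINTEXT

def audit(swaps_text, mounts_text, resolve, dm_uuid, slaves):
    """Classify every swap area plus /tmp and /var."""
    report = {}
    for line in swaps_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 2:
            continue
        target, kind = fields[0], fields[1]
        # A swap file is only as protected as the filesystem that holds it.
        dev = backing_mount(target, mounts_text)[0] if kind == "file" else target
        report["swap " + target] = classify(dev, resolve, dm_uuid, slaves)
    swap_leaks = PLAINTEXT in report.values()
    for path in ("/tmp", "/var"):
        dev, fstype = backing_mount(path, mounts_text)
        if fstype == "tmpfs":
            # tmpfs pages can be swapped out, so a ramdisk only helps
            # when no plaintext swap area is active.
            report[path] = PLAINTEXT if swap_leaks else RAM
        else:
            report[path] = classify(dev, resolve, dm_uuid, slaves)
    return report

# Live lookups used when the script is run on a real system.
def sys_resolve(dev):
    return os.path.basename(os.path.realpath(dev))   # /dev/mapper/x -> dm-N

def sys_dm_uuid(name):
    try:
        with open(f"/sys/class/block/{name}/dm/uuid") as f:
            return f.read().strip()
    except OSError:
        return ""

def sys_slaves(name):
    try:
        return os.listdir(f"/sys/class/block/{name}/slaves")
    except OSError:
        return []

# Constructed sample: encrypted LVM root, /tmp on tmpfs, plaintext swap partition.
SAMPLE_SWAPS = """Filename   Type       Size     Used  Priority
/dev/sda2  partition  8388604  0     -2
"""
SAMPLE_MOUNTS = """/dev/mapper/vg-root / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
SAMPLE_NAMES = {"/dev/mapper/vg-root": "dm-1", "/dev/mapper/swap": "dm-2"}
SAMPLE_UUIDS = {"dm-0": "CRYPT-LUKS1-constructed-cryptlvm",
                "dm-1": "LVM-constructed", "dm-2": "CRYPT-PLAIN-swap"}
SAMPLE_SLAVES = {"dm-0": ["sda3"], "dm-1": ["dm-0"], "dm-2": ["sda2"]}

def sample_resolve(dev):
    return SAMPLE_NAMES.get(dev, os.path.basename(dev))

def sample_dm_uuid(name):
    return SAMPLE_UUIDS.get(name, "")

def sample_slaves(name):
    return SAMPLE_SLAVES.get(name, [])

if __name__ == "__main__":
    def read(path):
        with open(path) as f:
            return f.read()
    live = audit(read("/proc/swaps"), read("/proc/mounts"),
                 sys_resolve, sys_dm_uuid, sys_slaves)
    for item, status in live.items():
        print(f"{item:28} {status}")
```

On the constructed sample, the tmpfs-backed {{ic|/tmp}} is still reported as plaintext because the swap partition it can be paged out to is unencrypted.<br />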
<br />
== Available methods ==<br />
<br />
All disk encryption methods operate in such a way that even though the disk actually holds encrypted data, the operating system and applications "see" it as the corresponding normal readable data as long as the cryptographic container (i.e. the logical part of the disk that holds the encrypted data) has been "unlocked" and mounted.<br />
<br />
For this to happen, some "secret information" (usually in the form of a keyfile and/or passphrase) needs to be supplied by the user, from which the actual encryption key can be derived (and stored in the kernel keyring for the duration of the session).<br />
<br />
If you are completely unfamiliar with this sort of operation, please also read the [[#How the encryption works]] section below.<br />
<br />
The available disk encryption methods can be separated into two types by their layer of operation:<br />
<br />
=== Stacked filesystem encryption ===<br />
<br />
Stacked filesystem encryption solutions are implemented as a layer that stacks on top of an existing filesystem, causing all files written to an encryption-enabled folder to be encrypted on-the-fly before the underlying filesystem writes them to disk, and decrypted whenever the filesystem reads them from disk. This way, the files are stored in the host filesystem in encrypted form (meaning that their contents, and usually also their file/folder names, are replaced by random-looking data of roughly the same length), but other than that they still exist in that filesystem as they would without encryption, as normal files / symlinks / hardlinks / etc.<br />
<br />
It is implemented as follows: to unlock the folder storing the raw encrypted files in the host filesystem (the "lower directory"), it is mounted (using a special stacked pseudo-filesystem) onto itself or, optionally, onto a different location (the "upper directory"), where the same files then appear in readable form until it is unmounted again or the system is turned off.<br />
<br />
Available solutions in this category are [[eCryptfs]] and [[EncFS]].<br />
<br />
==== Cloud-storage optimized ====<br />
<br />
If you are deploying stacked filesystem encryption to achieve zero-knowledge synchronization with third-party-controlled locations such as cloud-storage services, you may want to consider alternatives to eCryptfs and EncFS, since these are not optimized for transmission of files over the Internet. There are some solutions designed for this purpose instead:<br />
<br />
* [[gocryptfs]]<br />
* {{aur|cryptomator}} (multi-platform)<br />
* {{pkg|cryfs}}<br />
<br />
Note that some cloud-storage services offer zero-knowledge encryption directly through their own [[List of applications/Internet#Cloud synchronization clients|client applications]].<br />
<br />
=== Block device encryption ===<br />
<br />
Block device encryption methods, on the other hand, operate ''below'' the filesystem layer and make sure that everything written to a certain block device (i.e. a whole disk, or a partition, or a file acting as a [[Wikipedia:loop device|loop device]]) is encrypted. This means that while the block device is offline, its whole content looks like a large blob of random data, with no way of determining what kind of filesystem and data it contains. Accessing the data happens, again, by mounting the protected container (in this case the block device) to an arbitrary location in a special way.<br />
<br />
The following "block device encryption" solutions are available in Arch Linux:<br />
<br />
;loop-AES: loop-AES is a descendant of cryptoloop and is a secure and fast solution to system encryption. However, loop-AES is considered less user-friendly than other options as it requires non-standard kernel support. <br />
<br />
;dm-crypt: [[dm-crypt]] is the standard device-mapper encryption functionality provided by the Linux kernel. It can be used directly by those who like to have full control over all aspects of partition and key management. The management of dm-crypt is done with the {{Pkg|cryptsetup}} userspace utility. It can be used for the following types of block-device encryption: ''LUKS'' (default), ''plain'', and has limited features for ''loopAES'' and ''Truecrypt'' devices. <br />
:* LUKS, used by default, is an additional convenience layer which stores all of the needed setup information for dm-crypt on the disk itself and abstracts partition and key management in an attempt to improve ease of use and cryptographic security. <br />
:* plain dm-crypt mode, being the original kernel functionality, does not employ the convenience layer. It is more difficult to achieve the same cryptographic strength with it, and doing so results in longer keys (passphrases or keyfiles). It has, however, other advantages, described in the following [[#Practical implications|comparison table]]. <br />
<br />
;TrueCrypt/VeraCrypt: A portable format, supporting encryption of whole disks/partitions or file containers, with compatibility across all major operating systems. [[TrueCrypt]] was discontinued by its developers in May 2014. The VeraCrypt fork was audited in 2016.<br />
<br />
For practical implications of the chosen layer of operation, see the [[#Practical implications|comparison table]] below, as well as the general write-up for [https://www.systutorials.com/docs/linux/packages/ecryptfs-utils-111/ecryptfs-faq.html#compare eCryptfs]. See [[:Category:Encryption]] for the available content of the methods compared below, as well as other tools not included in the table.<br />
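<br />
To make the difference between LUKS and plain dm-crypt described above concrete, the following added example (not part of the original article) parses the cleartext LUKS1 on-disk header and contrasts it with a headerless device. The function names are illustrative, the LUKS1 sample header is constructed in the code, and random bytes stand in for the ciphertext of a plain-mode device.<br />

```python
import math
import os
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
# LUKS1 partition header, big-endian: magic, version, cipher name, cipher mode,
# hash spec, payload offset, key bytes, MK digest, MK salt, MK iterations, UUID.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")     # 208 bytes
# One of eight key slots: state, PBKDF2 iterations, salt, key-material offset,
# anti-forensic stripes.
SLOT = struct.Struct(">II32sII")                      # 48 bytes
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
LUKS1_HEADER_LEN = PHDR.size + 8 * SLOT.size          # 592 bytes

def cstr(raw):
    """Decode a NUL-padded header field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def entropy_bits_per_byte(data):
    """Shannon entropy of `data`; close to 8.0 for ciphertext or random data."""
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts if c)

def inspect_container(blob):
    """Describe what the first bytes of a block device reveal without any key."""
    if len(blob) >= 8 and blob[:6] == LUKS_MAGIC:
        version = struct.unpack(">H", blob[6:8])[0]
        info = {"format": f"LUKS{version}"}
        if version == 1 and len(blob) >= LUKS1_HEADER_LEN:
            (_, _, cipher, mode, hash_spec, payload, key_bytes,
             _, _, _, uuid) = PHDR.unpack_from(blob)
            slots = {}
            for i in range(8):
                state, iters, _, _, stripes = SLOT.unpack_from(
                    blob, PHDR.size + i * SLOT.size)
                if state == SLOT_ENABLED:
                    slots[i] = {"iterations": iters, "stripes": stripes}
            info.update(cipher=f"{cstr(cipher)}-{cstr(mode)}",
                        hash=cstr(hash_spec), key_bits=key_bytes * 8,
                        payload_offset_sectors=payload, uuid=cstr(uuid),
                        key_slots=slots)
        return info
    # No header: plain dm-crypt (or an unused, wiped disk) exposes no metadata.
    return {"format": "no header",
            "entropy": round(entropy_bits_per_byte(blob), 2)}

def build_sample_luks1():
    """Constructed LUKS1 header with key slots 0 and 2 enabled (sample data)."""
    head = PHDR.pack(LUKS_MAGIC, 1, b"aes", b"xts-plain64", b"sha256",
                     4096, 64, bytes(20), bytes(32), 100000,
                     b"00000000-0000-0000-0000-000000000000")
    slots = b""
    for i in range(8):
        state = SLOT_ENABLED if i in (0, 2) else SLOT_DISABLED
        slots += SLOT.pack(state, 200000, bytes([i]) * 32, 8 + i * 512, 4000)
    return head + slots

if __name__ == "__main__":
    print(inspect_container(build_sample_luks1()))
    print(inspect_container(os.urandom(4096)))   # stand-in for a plain-mode device
```

Anyone holding the disk can read the cipher, key size and number of enrolled keys from a LUKS header, whereas a plain-mode device yields only high-entropy data; this is the trade-off behind the "(with LUKS)" and "(without LUKS)" entries in the table below.<br />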
<br />
===Comparison table===<br />
<br />
The column "dm-crypt +/- LUKS" denotes features of dm-crypt for both LUKS ("+") and plain ("-") encryption modes. If a specific feature requires using LUKS, this is indicated by "(with LUKS)". Likewise, "(without LUKS)" indicates that using LUKS is counter-productive for achieving the feature and that plain mode should be used.<br />
<br />
{| class="wikitable" style="text-align:center; cell-padding:100px; "<br />
! style="text-align:left; background:#ddd"|<br />
=====Summary=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | [[dm-crypt]] +/- LUKS<br />
! style="background:#ddd" | [[TrueCrypt]]<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | [[eCryptfs]]<br />
! style="background:#ddd" | [[EncFS]]<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Encryption type<br />
| block device<br />
| block device<br />
| block device<br />
| block device<br />
| stacked filesystem<br />
| stacked filesystem<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Main selling points<br />
| longest-existing one; possibly the fastest; works on legacy systems<br />
| de-facto standard for block device encryption on Linux; very flexible<br />
| very portable, well-polished, self-contained solution<br />
| maintained fork of TrueCrypt<br />
| slightly faster than EncFS; individual encrypted files portable between systems<br />
| easiest one to use; supports non-root administration<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Availability in Arch Linux<br />
| must manually compile custom kernel<br />
| ''kernel modules:'' already shipped with default kernel; ''tools:'' {{Pkg|device-mapper}}, {{Pkg|cryptsetup}}<br />
| {{pkg|truecrypt}} (discontinued) or the backwards-compatible {{pkg|veracrypt}}<br />
| {{pkg|veracrypt}}<br />
| ''kernel module:'' already shipped with default kernel; ''tools:'' {{Pkg|ecryptfs-utils}}<br />
| {{Pkg|encfs}}<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | License<br />
| GPL<br />
| GPL<br />
| TrueCrypt License 3.1<br />
| Apache License 2.0, parts subject to TrueCrypt License v3.0<br />
| GPL<br />
| GPL<br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
=====Basic classification=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Encrypts<br />
| whole block devices<br />
| whole block devices<br />
| whole block devices<br />
| whole block devices<br />
| files<br />
| files<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Container for encrypted data may be...<br />
| a disk or disk partition / a file acting as a virtual partition<br />
| a disk or disk partition / a file acting as a virtual partition<br />
| a disk or disk partition / a file acting as a virtual partition<br />
| a disk or disk partition / a file acting as a virtual partition<br />
| a directory in an existing file system<br />
| a directory in an existing file system<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Relation to filesystem<br />
| operates below filesystem layer: does not care whether the content of the encrypted block device is a filesystem, a partition table, a LVM setup, or anything else<br />
| operates below filesystem layer: does not care whether the content of the encrypted block device is a filesystem, a partition table, a LVM setup, or anything else<br />
| operates below filesystem layer: does not care whether the content of the encrypted block device is a filesystem, a partition table, a LVM setup, or anything else<br />
| operates below filesystem layer: does not care whether the content of the encrypted block device is a filesystem, a partition table, a LVM setup, or anything else<br />
| adds an additional layer to an existing filesystem, to automatically encrypt/decrypt files whenever they are written/read<br />
| adds an additional layer to an existing filesystem, to automatically encrypt/decrypt files whenever they are written/read<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Encryption implemented in...<br />
| kernelspace<br />
| kernelspace<br />
| kernelspace<br />
| kernelspace<br />
| kernelspace<br />
| userspace (using FUSE)<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Cryptographic metadata stored in...<br />
| ?<br />
| with LUKS: LUKS Header <br />
| begin/end of (decrypted) device ([http://www.truecrypt.org/docs/volume-format-specification format]){{Dead link|2018|07|15}}<br />
| begin/end of (decrypted) device ([https://www.veracrypt.fr/en/VeraCrypt%20Volume%20Format%20Specification.html format spec])<br />
| header of each encrypted file<br />
| control file at the top level of each EncFS container<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Wrapped encryption key stored in...<br />
| ?<br />
| with LUKS: LUKS header <br />
| begin/end of (decrypted) device ([http://www.truecrypt.org/docs/volume-format-specification format spec]){{Dead link|2018|07|15}}<br />
| begin/end of (decrypted) device ([https://www.veracrypt.fr/en/VeraCrypt%20Volume%20Format%20Specification.html format spec])<br />
| key file that can be stored anywhere<br />
| key file that can be stored anywhere<br />
[https://github.com/rfjakob/encfs/blob/next/encfs/encfs.pod#environment-variables][https://github.com/vgough/encfs/issues/48#issuecomment-69301831]<br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
=====Practical implications=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | File metadata (number of files, dir structure, file sizes, permissions, mtimes, etc.) is encrypted<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br>(file and dir names can be encrypted though)<br />
| <span style="color:#f00; font-size:2em">✖</span><br>(file and dir names can be encrypted though)<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Can be used to custom-encrypt whole hard drives (including partition tables)<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Can be used to encrypt swap space<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
|-<br />
<br />
! style="text-align:left; font-weight:normal; background:#eee" | Can be used without pre-allocating a fixed amount of space for the encrypted data container<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Can be used to protect existing filesystems without block device access, e.g. NFS or Samba shares, cloud storage, etc.<br />
| <span style="color:#f00; font-size:2em">✖</span><br>[[#cite_note-1|<sup>1</sup>]]<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Allows offline file-based backups of encrypted files<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
<br />
=====Usability features=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for automounting on login<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
with [[TrueCrypt#Automounting_using_.2Fetc.2Fcrypttab|systemd and /etc/crypttab]]<br />
| <span style="color:#080; font-size:2em">✔</span><br />
with [[TrueCrypt#Automounting_using_.2Fetc.2Fcrypttab|systemd and /etc/crypttab]]<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for automatic unmounting in case of inactivity<br />
| ?<br />
| ?<br />
| ?<br />
| ?<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Non-root users can create/destroy containers for encrypted data<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| limited<br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Provides a GUI<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
[http://www.libertyzero.com/GEncfsM/][https://launchpad.net/gencfsm]<br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
=====Security features=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
<br />
! style="text-align:left; font-weight:normal; background:#eee" | Supported ciphers<br />
| AES<br />
| AES, Anubis, CAST5/6, Twofish, Serpent, Camellia, Blowfish,… (every cipher the kernel Crypto API offers)<br />
| AES, Twofish, Serpent<br />
| AES, Twofish, Serpent, Camellia, Kuznyechik<br />
| AES, Blowfish, Twofish...<br />
| AES, Blowfish, Twofish, and any other ciphers available on the system<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for salting<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br>(with LUKS)<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| ?<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for cascading multiple ciphers<br />
| ?<br />
| Not in one device, but blockdevices can be cascaded<br />
| <span style="color:#080; font-size:2em">✔</span><br />
AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent<br />
| <span style="color:#080; font-size:2em">✔</span><br />
AES-Twofish, AES-Twofish-Serpent, Serpent-AES, Serpent-Twofish-AES, Twofish-Serpent<br />
| ?<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for key-slot diffusion<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br>(with LUKS)<br />
| ?<br />
| ?<br />
| ?<br />
| ?<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Protection against key scrubbing<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br>(without LUKS)<br />
| ?<br />
| ?<br />
| ?<br />
| ?<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for multiple (independently revocable) keys for the same encrypted data<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br>(with LUKS)<br />
| ?<br />
| ?<br />
| ?<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
<br />
=====Performance features=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Multithreading support<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br>[http://kernelnewbies.org/Linux_2_6_38#head-49f5f735853f8cc7c4d89e5c266fe07316b49f4c]<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| ?<br />
| ?<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Hardware-accelerated encryption support<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br>[https://github.com/vgough/encfs/issues/118]<br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
=====Block device encryption specific=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | <br />
! style="background:#ddd" | <br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Support for (manually) resizing the encrypted block device in-place<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#f00; font-size:2em">✖</span><br />
! style="background:#ddd" | <br />
! style="background:#ddd" | <br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
=====Stacked filesystem encryption specific=====<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Supported file systems<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
| ext3, ext4, xfs (with caveats), jfs, nfs...<br />
| ext3, ext4, xfs (with caveats), jfs, nfs, cifs...<br />
[https://github.com/vgough/encfs]<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Ability to encrypt filenames<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Ability to ''not'' encrypt filenames<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Optimized handling of sparse files<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
! style="background:#ddd" |<br />
| <span style="color:#f00; font-size:2em">✖</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
|-<br />
! style="text-align:left; background:#ddd"|<br />
=====Compatibility & prevalence=====<br />
! style="background:#ddd" | Loop-AES<br />
! style="background:#ddd" | dm-crypt +/- LUKS<br />
! style="background:#ddd" | TrueCrypt<br />
! style="background:#ddd" | VeraCrypt<br />
! style="background:#ddd" | eCryptfs<br />
! style="background:#ddd" | EncFS<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Supported Linux kernel versions<br />
| 2.0 or newer<br />
| CBC-mode since 2.6.4, ESSIV 2.6.10, LRW 2.6.20, XTS 2.6.24<br />
| ?<br />
| ?<br />
| ?<br />
| 2.4 or newer<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Encrypted data can also be accessed from Windows<br />
| <span style="color:#080; font-size:2em">✔</span><br>(with [[Wikipedia:CrossCrypt|CrossCrypt]], [https://github.com/t-d-k/LibreCrypt LibreCrypt])<br />
|?<br>(with [[Wikipedia:FreeOTFE|FreeOTFE]], [https://github.com/t-d-k/LibreCrypt LibreCrypt])<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| ?<br />
| ?<br>[http://members.ferrara.linux.it/freddy77/encfs.html]<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Encrypted data can also be accessed from Mac OS X<br />
| ?<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br />
| <span style="color:#080; font-size:2em">✔</span><br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br>[https://sites.google.com/a/arg0.net/www/encfs-mac-build]<br />
|-<br />
! style="text-align:left; font-weight:normal; background:#eee" | Encrypted data can also be accessed from FreeBSD<br />
| ?<br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br />
(with VeraCrypt)<br />
| <span style="color:#080; font-size:2em">✔</span><br><br />
| ?<br />
| <span style="color:#080; font-size:2em">✔</span><br>[http://www.freshports.org/sysutils/fusefs-encfs/]<br />
|-<br />
<br />
! style="text-align:left; font-weight:normal; background:#eee" | Used by<br />
| ?<br />
| Debian/Ubuntu installer (system encryption)<br>Fedora installer <br />
| ?<br />
| ?<br />
| Ubuntu installer (home dir encryption)<br>Chromium OS (encryption of cached user data [https://www.chromium.org/chromium-os/chromiumos-design-docs/protecting-cached-user-data])<br />
| ?<br />
|}<br />
<br />
<span id="cite_note-1"></span><br />
# [[#Practical implications|^]] well, a single file in those filesystems could be used as a container (virtual loop-back device!) but then one would not actually be using the filesystem (and the features it provides) anymore<br />
<br />
==Preparation==<br />
<br />
===Choosing a setup===<br />
<br />
Which disk encryption setup is appropriate for you will depend on your goals (please read [[#Why use encryption?]] above) and system parameters.<br />
<br />
Among other things, you will need to answer the following questions:<br />
<br />
;What kind of "attacker" do you want to protect against?<br />
<br />
* Casual computer user snooping around your disk when your system is turned off / stolen / etc.<br />
* Professional cryptanalyst who can get repeated read/write access to your system before and after you use it<br />
* Anything in between<br />
<br />
;What do you want to encrypt?<br />
<br />
* only user data<br />
* user data and system data<br />
* something in between<br />
<br />
;How should swap, {{ic|/tmp}}, etc. be taken care of?<br />
<br />
* Ignore, and hope no data is leaked<br />
* Disable or mount as ramdisk<br />
* Encrypt ''(as part of full disk encryption, or separately)''<br />
<br />
;How should encrypted parts of the disk be unlocked?<br />
<br />
* Passphrase ''(same as login password, or separate)''<br />
* Keyfile ''(e.g. on a USB stick, that you keep in a safe place or carry around with yourself)''<br />
* Both<br />
<br />
;''When'' should encrypted parts of the disk be unlocked?<br />
<br />
* Before boot<br />
* During boot<br />
* At login<br />
* Manually on demand ''(after login)''<br />
<br />
;How should multiple users be accommodated?<br />
<br />
* Not at all<br />
* Using a shared passphrase/key<br />
* Independently issued and revocable passphrases/keys for the same encrypted part of the disk<br />
* Separate encrypted parts of the disk for different users<br />
<br />
Then you can go on to make the required technical choices (see [[#Available methods]] above, and [[#How the encryption works]] below), regarding:<br />
<br />
* stacked filesystem encryption vs. blockdevice encryption<br />
* key management<br />
* cipher and mode of operation<br />
* metadata storage<br />
* location of the "lower directory" (in case of stacked filesystem encryption)<br />
<br />
=== Examples ===<br />
<br />
In practice, it could turn out something like:<br />
<br />
;Example 1: Simple user data encryption (internal hard drive) using a virtual folder called {{ic|~/Private}} in the user's home directory encrypted with [[EncFS]]<br />
:* encrypted versions of the files stored on-disk in {{ic|~/.Private}}<br />
:* unlocked on demand with dedicated passphrase<br />
<br />
;Example 2: Partial system encryption with each user's home directory encrypted with [[ECryptfs]]<br />
:* unlocked on respective user login, using login passphrase<br />
:* {{ic|swap}} and {{ic|/tmp}} partitions encrypted with [[Dm-crypt with LUKS]], using an automatically generated per-session throwaway key<br />
:* indexing/caching of contents of {{ic|/home}} by ''slocate'' (and similar apps) disabled.<br />
<br />
;Example 3: System encryption - whole hard drive except {{ic|/boot}} partition (however, {{ic|/boot}} can be encrypted with [[Dm-crypt/Encrypting_an_entire_system#Encrypted_boot_partition_.28GRUB.29|GRUB]]) encrypted with [[Dm-crypt with LUKS]]<br />
:* unlocked during boot, using passphrases or USB stick with keyfiles<br />
:* Maybe different passphrases/keys per user - independently revocable<br />
:* Maybe encryption spanning multiple drives or partition layout flexibility with [[Dm-crypt/Encrypting an entire system#LUKS on LVM|LUKS on LVM]]<br />
<br />
;Example 4: Hidden/plain system encryption - whole hard drive encrypted with [[dm-crypt|plain dm-crypt]]<br />
:* USB-boot, using dedicated passphrase plus USB stick with keyfile<br />
:* data integrity checked before mounting<br />
:* {{ic|/boot}} partition located on aforementioned USB stick<br />
<br />
Many other combinations are of course possible. You should carefully plan what kind of setup will be appropriate for your system.<br />
<br />
===Choosing a strong passphrase===<br />
<br />
See [[Security#Passwords]].<br />
<br />
===Preparing the disk===<br />
<br />
Before setting up disk encryption on a (part of a) disk, consider securely wiping it first. This consists of overwriting the entire drive or partition with a stream of zero bytes or random bytes, and is done for one or both of the following reasons:<br />
<br />
;Prevent recovery of previously stored data<br />
<br />
Disk encryption does not change the fact that individual sectors are only overwritten on demand, when the file system creates or modifies the data those particular sectors hold (see [[#How the encryption works]] below). Sectors which the filesystem considers "not currently used" are not touched, and may still contain remnants of data from previous filesystems. The only way to make sure that all data which you previously stored on the drive can not be [[Wikipedia:Data_recovery|recovered]], is to manually erase it.<br />
For this purpose it does not matter whether zero bytes or random bytes are used (although wiping with zero bytes will be much faster).<br />
<br />
;Prevent disclosure of usage patterns on the encrypted drive<br />
<br />
Ideally, the whole encrypted part of the disk should be indistinguishable from uniformly random data. This way, no unauthorized person can know which and how many sectors actually contain encrypted data - which may be a desirable goal in itself (as part of true confidentiality), and also serves as an additional barrier against attackers trying to break the encryption.<br />
In order to satisfy this goal, wiping the disk using high-quality random bytes is crucial.<br />
<br />
The second goal only makes sense in combination with block device encryption, because in the case of stacked filesystem encryption the encrypted data can easily be located anyway (in the form of distinct encrypted files in the host filesystem). Also note that even if you only intend to encrypt a particular folder, you will have to erase the whole partition if you want to get rid of files that were previously stored in that folder in unencrypted form (due to [[Wikipedia:File_system_fragmentation|disk fragmentation]]). If there are other folders on the same partition, you will have to back them up and move them back afterwards.<br />
<br />
Once you have decided which kind of disk erasure you want to perform, refer to the [[Securely wipe disk]] article for technical instructions.<br />
<br />
{{Tip|In deciding which method to use for secure erasure of a hard disk drive, remember that this will not need to be performed more than once for as long as the drive is used as an encrypted drive.}}<br />
<br />
==How the encryption works==<br />
<br />
This section is intended as a high-level introduction to the concepts and processes which are at the heart of usual disk encryption setups.<br />
<br />
It does not go into technical or mathematical details (consult the appropriate literature for that), but should provide a system administrator with a rough understanding of how different setup choices (especially regarding key management) can affect usability and security.<br />
<br />
===Basic principle===<br />
<br />
For the purposes of disk encryption, each blockdevice (or individual file in the case of stacked filesystem encryption) is divided into '''sectors''' of equal length, for example 512 bytes (4,096 bits). The encryption/decryption then happens on a per-sector basis, so the n'th sector of the blockdevice/file on disk will store the encrypted version of the n'th sector of the original data.<br />
<br />
Whenever the operating system or an application requests a certain fragment of data from the blockdevice/file, the whole sector (or sectors) that contains the data will be read from disk, decrypted on-the-fly, and temporarily stored in memory:<br />
<br />
╔═══════╗<br />
sector 1 ║"???.."║<br />
╠═══════╣ ╭┈┈┈┈┈╮<br />
sector 2 ║"???.."║ ┊ key ┊<br />
╠═══════╣ ╰┈┈┬┈┈╯<br />
: : │<br />
╠═══════╣ ▼ ┣┉┉┉┉┉┉┉┫<br />
sector n ║"???.."║━━━━━━━(decryption)━━━━━━▶┋"abc.."┋ sector n<br />
╠═══════╣ ┣┉┉┉┉┉┉┉┫<br />
: :<br />
╚═══════╝<br />
<br />
encrypted unencrypted<br />
blockdevice or data in RAM<br />
file on disk<br />
<br />
Similarly, on each write operation, all sectors that are affected must be re-encrypted completely (while the rest of the sectors remain untouched). <br />
<br />
In order to be able to de/encrypt data, the disk encryption system needs to know the unique secret "key" associated with it. Whenever the encrypted block device or folder in question is to be mounted, its corresponding key (called henceforth its "master key") must be supplied. <br />
<br />
The entropy of the key is of utmost importance for the security of the encryption. A randomly generated byte string of a certain length, for example 32 bytes (256 bits), has desired properties but is not feasible to remember and apply manually during the mount. <br />
<br />
For that reason two techniques are used as aids. The first is the application of cryptography to increase the entropic property of the master key, usually involving a separate human-friendly passphrase. The [[#Comparison table]] lists the respective features of the different types of encryption. The second method is to create a keyfile with high entropy and store it on a medium separate from the data drive to be encrypted. <br />
<br />
See also [[Wikipedia:Authenticated encryption]].<br />
<br />
===Keys, keyfiles and passphrases===<br />
<br />
The following are examples of how to store and cryptographically secure a master key with a keyfile:<br />
<br />
;Stored in a plaintext keyfile<br />
<br />
Simply storing the master key in a file (in readable form) is the simplest option. The file - called a "keyfile" - can be placed on a USB stick that you keep in a secure location and only connect to the computer when you want to mount the encrypted parts of the disk (e.g. during boot or login).<br />
<br />
;Stored in passphrase-protected form in a keyfile or on the disk itself<br />
<br />
The master key (and thus the encrypted data) can be protected with a secret passphrase, which you will have to remember and enter each time you want to mount the encrypted block device or folder. See [[#Cryptographic metadata]] below for details.<br />
<br />
;Randomly generated on-the-fly for each session<br />
<br />
In some cases, e.g. when encrypting swap space or a {{ic|/tmp}} partition, it is not necessary to keep a persistent master key at all. A new throwaway key can be randomly generated for each session, without requiring any user interaction. This means that once unmounted, all files written to the partition in question can never be decrypted again by ''anyone'' - which in those particular use-cases is perfectly fine.<br />
<br />
===Cryptographic metadata===<br />
<br />
Frequently the encryption techniques use cryptographic functions to enhance the security of the master key itself. On mount of the encrypted device the passphrase or keyfile is passed through these and only the result can unlock the master key to decrypt the data. <br />
<br />
A common setup is to apply so-called "key stretching" to the passphrase (via a "key derivation function"), and use the resulting enhanced passphrase as the mount key for decrypting the actual master key (which has been previously stored in encrypted form):<br />
<br />
╭┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈╮ ╭┈┈┈┈┈┈┈┈┈┈┈╮<br />
┊ mount passphrase ┊━━━━━⎛key derivation⎞━━━▶┊ mount key ┊<br />
╰┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈╯ ,───⎝ function ⎠ ╰┈┈┈┈┈┬┈┈┈┈┈╯<br />
╭──────╮ ╱ │<br />
│ salt │───────────´ │<br />
╰──────╯ │<br />
╭─────────────────────╮ ▼ ╭┈┈┈┈┈┈┈┈┈┈┈┈╮<br />
│ encrypted master key│━━━━━━━━━━━━━━━━━━━━━━(decryption)━━━▶┊ master key ┊<br />
╰─────────────────────╯ ╰┈┈┈┈┈┈┈┈┈┈┈┈╯<br />
<br />
The '''key derivation function''' (e.g. PBKDF2 or scrypt) is deliberately slow (it applies many iterations of a hash function, e.g. 1000 iterations of HMAC-SHA-512), so that brute-force attacks to find the passphrase are rendered infeasible. For the normal use-case of an authorized user, it will only need to be calculated once per session, so the small slowdown is not a problem.<br />
It also takes an additional blob of data, the so-called "'''salt'''", as an argument - this is randomly generated once during set-up of the disk encryption and stored unprotected as part of the cryptographic metadata. Because it will be a different value for each setup, this makes it infeasible for attackers to speed up brute-force attacks using precomputed tables for the key derivation function.<br />
<br />
The '''encrypted master key''' can be stored on disk together with the encrypted data. This way, the confidentiality of the encrypted data depends completely on the secret passphrase. <br />
<br />
Additional security can be attained by instead storing the encrypted master key in a keyfile on e.g. a USB stick. This provides '''two-factor authentication''': Accessing the encrypted data now requires something only you ''know'' (the passphrase), and additionally something only you ''have'' (the keyfile).<br />
<br />
Another way of achieving two-factor authentication is to augment the above key retrieval scheme to mathematically "combine" the passphrase with byte data read from one or more external files (located on a USB stick or similar), before passing it to the key derivation function. The files in question can be anything, e.g. normal JPEG images, which can be beneficial for [[#Plausible deniability]]. They are still called "keyfiles" in this context, though.<br />
<br />
After it has been derived, the master key is securely stored in memory (e.g. in a kernel keyring), for as long as the encrypted block device or folder is mounted.<br />
<br />
It is usually not used for de/encrypting the disk data directly, though.<br />
For example, in the case of stacked filesystem encryption, each file can be automatically assigned its own encryption key. Whenever the file is to be read/modified, this file key first needs to be decrypted using the main key, before it can itself be used to de/encrypt the file contents:<br />
<br />
╭┈┈┈┈┈┈┈┈┈┈┈┈╮<br />
┊ master key ┊<br />
''file on disk:'' ╰┈┈┈┈┈┬┈┈┈┈┈┈╯<br />
┌ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┐ │<br />
╎╭───────────────────╮╎ ▼ ╭┈┈┈┈┈┈┈┈┈┈╮<br />
╎│ encrypted file key│━━━━(decryption)━━━▶┊ file key ┊<br />
╎╰───────────────────╯╎ ╰┈┈┈┈┬┈┈┈┈┈╯<br />
╎┌───────────────────┐╎ ▼ ┌┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┐<br />
╎│ encrypted file │◀━━━━━━━━━━━━━━━━━(de/encryption)━━━▶┊ readable file ┊<br />
╎│ contents │╎ ┊ contents ┊<br />
╎└───────────────────┘╎ └┈┈┈┈┈┈┈┈┈┈┈┈┈┈┈┘<br />
└ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┘<br />
<br />
In a similar manner, a separate key (e.g. one per folder) may be used for the encryption of file names in the case of stacked filesystem encryption.<br />
<br />
In the case of block device encryption, one master key is used per device and hence for all data on it. Some methods allow multiple passphrases/keyfiles to be assigned to the same device, while others do not. Some use the functions mentioned above to secure the master key, while others leave control over key security entirely to the user. The cryptographic parameters used by [[dm-crypt]] in plain and LUKS modes illustrate both approaches. <br />
<br />
When comparing the parameters used by both modes one notes that dm-crypt plain mode has parameters relating to how to locate the keyfile (e.g. {{ic|--keyfile-size}}, {{ic|--keyfile-offset}}). The dm-crypt LUKS mode does not need these, because each blockdevice contains a header with the cryptographic metadata at the beginning. The header includes the used cipher, the encrypted master-key itself and parameters required for its derivation for decryption. The latter parameters in turn result from options used during initial encryption of the master-key (e.g. {{ic|--iter-time}}, {{ic|--use-random}}). <br />
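<br />
The passphrase-to-master-key path described in this section, with several passphrases protecting the same master key, can be sketched as follows. This is an added example, not code from dm-crypt or any other tool named here: the {{ic|Header}} class and its slot layout are hypothetical, and XOR stands in for the real cipher that encrypts the master key.<br />

```python
import hashlib
import hmac
import os

KEY_LEN = 32        # 256-bit master key, the size used as an example in the text
ITERATIONS = 1000   # iteration count from the text's example


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_mount_key(passphrase: str, salt: bytes) -> bytes:
    """Key stretching: passphrase + salt -> mount key via PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt,
                               ITERATIONS, dklen=KEY_LEN)


class Header:
    """Hypothetical on-disk metadata; everything in here is stored unprotected."""

    def __init__(self, master_key: bytes):
        # A salted digest of the master key lets unlock() recognise a correct
        # passphrase without the master key itself ever being written to disk.
        self.digest_salt = os.urandom(16)
        self.digest = self._digest(master_key)
        self.slots = {}  # slot number -> (salt, encrypted master key)

    def _digest(self, key: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha512", key, self.digest_salt, ITERATIONS)

    def add_passphrase(self, slot: int, passphrase: str, master_key: bytes) -> None:
        salt = os.urandom(16)  # fresh random salt for every slot
        mount_key = derive_mount_key(passphrase, salt)
        # XOR is a stand-in (assumption) for the cipher that wraps the master key.
        self.slots[slot] = (salt, _xor(master_key, mount_key))

    def revoke(self, slot: int) -> None:
        # Only the slot is removed; the encrypted data is not touched.
        del self.slots[slot]

    def unlock(self, passphrase: str):
        """Return the master key if any slot opens with this passphrase, else None."""
        for salt, wrapped in self.slots.values():
            candidate = _xor(wrapped, derive_mount_key(passphrase, salt))
            if hmac.compare_digest(self._digest(candidate), self.digest):
                return candidate
        return None


def demo() -> dict:
    master_key = os.urandom(KEY_LEN)  # random, never typed by a human
    header = Header(master_key)
    header.add_passphrase(0, "constructed passphrase A", master_key)
    header.add_passphrase(1, "constructed passphrase B", master_key)
    before = header.unlock("constructed passphrase B") == master_key
    header.revoke(1)
    return {
        "a_unlocks": header.unlock("constructed passphrase A") == master_key,
        "b_unlocked_before_revoke": before,
        "b_unlocks_after_revoke": header.unlock("constructed passphrase B") is not None,
        "wrong_passphrase": header.unlock("not the passphrase") is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Revoking a slot only helps against someone who never copied the header or the master key beforehand; otherwise the data has to be re-encrypted under a new master key.<br />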
<br />
For the dis-/advantages of the different techniques, please refer back to [[#Comparison table]] or browse the specific pages. <br />
<br />
See also:<br />
* [[Wikipedia:Passphrase]]<br />
* [[Wikipedia:Key (cryptography)]]<br />
* [[Wikipedia:Key management]]<br />
* [[Wikipedia:Key derivation function]]<br />
<br />
===Ciphers and modes of operation===<br />
<br />
The actual algorithm used for translating between pieces of unencrypted and encrypted data (so-called "plaintext" and "ciphertext") which correspond to each other with respect to a given encryption key, is called a "'''cipher'''".<br />
<br />
Disk encryption employs "block ciphers", which operate on fixed-length blocks of data, e.g. 16 bytes (128 bits). At the time of this writing, the predominantly used ones are:<br />
{| class="wikitable" style="margin:0 5em 1.5em 5em;"<br />
! scope="col" style="text-align:left" | <br />
! scope="col" style="text-align:left" | block&nbsp;size<br />
! scope="col" style="text-align:left" | key&nbsp;size<br />
! scope="col" style="text-align:left" | comment<br />
|-<br />
! scope="row" style="text-align:right" | [[Wikipedia:Advanced_Encryption_Standard|AES]]<br />
| 128 bits<br />
| 128, 192 or 256 bits<br />
| ''approved by the NSA for protecting "SECRET" and "TOP SECRET" classified US-government information (when used with a key size of 192 or 256 bits)''<br />
|-<br />
! scope="row" style="text-align:right" | [[wikipedia:Blowfish (cipher)|Blowfish]]<br />
| 64 bits<br />
| 32–448 bits<br />
| ''one of the first patent-free secure ciphers that became publicly available, hence very well established on Linux''<br />
|-<br />
! scope="row" style="text-align:right" | [[Wikipedia:Twofish|Twofish]]<br />
| 128 bits<br />
| 128, 192 or 256 bits<br />
| ''developed as successor of Blowfish, but has not attained as much widespread usage''<br />
|-<br />
! scope="row" style="text-align:right" | [[wikipedia:Serpent (cipher)|Serpent]]<br />
| 128 bits<br />
| 128, 192 or 256 bits<br />
| Considered the most secure of the five AES-competition finalists[http://csrc.nist.gov/archive/aes/round2/r2report.pdf][https://www.cl.cam.ac.uk/~rja14/Papers/serpentcase.pdf][https://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf].<br />
|}<br />
<br />
Encrypting/decrypting a sector ([[#Basic principle|see above]]) is achieved by dividing it into small blocks matching the cipher's block-size, and following a certain rule-set (a so-called "'''mode of operation'''") for how to consecutively apply the cipher to the individual blocks.<br />
<br />
Simply applying it to each block separately without modification (dubbed the "''electronic codebook (ECB)''" mode) would not be secure, because if the same 16 bytes of plaintext always produce the same 16 bytes of ciphertext, an attacker could easily recognize patterns in the ciphertext that is stored on disk.<br />
<br />
The most basic (and common) mode of operation used in practice is "''cipher-block chaining (CBC)''". When encrypting a sector with this mode, each block of plaintext data is combined in a mathematical way with the ciphertext of the previous block, before encrypting it using the cipher. For the first block, since it has no previous ciphertext to use, a special pre-generated data block stored with the sector's cryptographic metadata and called an "'''initialization vector (IV)'''" is used:<br />
<br />
╭──────────────╮<br />
│initialization│<br />
│vector │<br />
╰────────┬─────╯<br />
╭ ╠══════════╣ ╭─key │ ┣┉┉┉┉┉┉┉┉┉┉┫ <br />
│ ║ ║ ▼ ▼ ┋ ┋ . START<br />
┴ ║"????????"║◀━━━━(cipher)━━━━(+)━━━━━┋"Hello, W"┋ block ╱╰────┐<br />
sector n ║ ║ ┋ ┋ 1 ╲╭────┘<br />
of file or ║ ║──────────────────╮ ┋ ┋ ' <br />
blockdevice ╟──────────╢ ╭─key │ ┠┈┈┈┈┈┈┈┈┈┈┨<br />
┬ ║ ║ ▼ ▼ ┋ ┋<br />
│ ║"????????"║◀━━━━(cipher)━━━━(+)━━━━━┋"orld !!!"┋ block<br />
│ ║ ║ ┋ ┋ 2<br />
│ ║ ║──────────────────╮ ┋ ┋<br />
│ ╟──────────╢ │ ┠┈┈┈┈┈┈┈┈┈┈┨<br />
│ ║ ║ ▼ ┋ ┋<br />
: : ... : ... ... : ... : ...<br />
<br />
ciphertext plaintext<br />
on disk in RAM<br />
<br />
When decrypting, the procedure is reversed analogously.<br />
<br />
One thing worth noting is the generation of the unique initialization vector for each sector. The simplest choice is to calculate it in a predictable fashion from a readily available value such as the sector number. However, this might allow an attacker with repeated access to the system to perform a so-called [[wikipedia:Watermarking_attack|watermarking attack]]. To prevent that, a method called "Encrypted salt-sector initialization vector ('''ESSIV''')" can be used to generate the initialization vectors in a way that makes them look completely random to a potential attacker.<br />
<br />
There are also a number of other, more complicated modes of operation available for disk encryption, which already provide built-in security against such attacks (and hence do not require ESSIV).<br />
Some can also additionally guarantee authenticity of the encrypted data (i.e. confirm that it has not been modified/corrupted by someone who does not have access to the key).<br />
<br />
See also:<br />
* [[Wikipedia:Disk encryption theory]]<br />
* [[Wikipedia:Block cipher]]<br />
* [[Wikipedia:Block cipher modes of operation]]<br />
<br />
===Plausible deniability===<br />
<br />
See [[Wikipedia:Plausible deniability]].</div>Powersourcehttps://wiki.archlinux.org/index.php?title=Talk:Docker&diff=481780Talk:Docker2017-07-12T06:38:36Z<p>Powersource: Added root equivalent discussion</p>
<hr />
<div>== Arch Linux bootstrap-based Docker image build setup ==<br />
<br />
I have recently come up with an Arch Linux Docker base image build setup (https://github.com/czka/archlinux-docker), based on bootstrap tarball. Compared to the shell script approach (https://wiki.archlinux.org/index.php/Docker#Build_Image), it has the benefit of enabling Arch Linux Docker image builds on non-Arch hosts, and does not require root.<br />
<br />
What do you think of it? I tried getting some attention on Arch forum (https://bbs.archlinux.org/viewtopic.php?pid=1667108#p1667108) but no reply yet. Maybe I'm re-inventing the wheel? I was thinking not, as no similar solution is documented here on the Wiki. Please let me know.<br />
<br />
In the forum topic I mentioned I'm asking about 3 things I need to sort out in order to call the whole thing done. I'll appreciate some input.<br />
<br />
== docker0 Bridge gets no IP / no internet access in containers ==<br />
I want to rewrite this section: based on my experience with systemd 232 and Docker 1.13, creating /etc/systemd/network/ipforward.network file as suggested by that section introduces problems where bridges created by Docker lose their IP addresses once all containers using those bridges are stopped, and don't regain the IP.<br />
[[User:Ektich|Ektich]] ([[User talk:Ektich|talk]]) 09:42, 2 March 2017 (UTC)<br />
<br />
== Storage driver section regarding overlay2 ==<br />
<br />
The wording of Arch Linux using overlay2 suggests that the default storage driver is overlay2. From what I can tell, the default storage driver is devicemapper. Perhaps the section should say that there is work being done to make overlay2 the default storage driver and reference a Github issue or something like that. --[[User:Dmp1ce|Dmp1ce]] ([[User talk:Dmp1ce|talk]]) 01:21, 2 April 2017 (UTC)<br />
<br />
== Is stable (instead of Edge) branch of Docker available? ==<br />
<br />
Currently {{Pkg|docker}} gives 17.05 which is the [https://docs.docker.com/edge/ Edge branch]. Stable branch should be 17.03. I guess the maintainer just assumed that most Arch users would like Edge version? --[[User:Franklin Yu|Franklin Yu]] ([[User talk:Franklin Yu|talk]]) 22:00, 17 May 2017 (UTC)<br />
<br />
== Root equivalent through other means than the docker group ==<br />
<br />
I really wouldn't call myself good at docker so I don't feel confident enough to edit this myself. But as far as I've understood, the `root equivalent` warning in the Installation section should at least be added to the Remote API section and probably some others too. Or maybe not everywhere, but some sort of indication that the reader is playing with fire depending on how they configure docker. [[User:Powersource|Powersource]] ([[User talk:Powersource|talk]]) 06:38, 12 July 2017 (UTC)</div>Powersourcehttps://wiki.archlinux.org/index.php?title=Fonts&diff=467992Fonts2017-02-09T13:40:51Z<p>Powersource: /* Unsorted */ Add noto-fonts</p>
<hr />
<div>[[Category:Fonts]]<br />
[[cs:Fonts]]<br />
[[de:Schriftarten]]<br />
[[es:Fonts]]<br />
[[it:Fonts]]<br />
[[ja:フォント]]<br />
[[ru:Fonts]]<br />
[[tr:Yazıtipleri]]<br />
[[zh-hans:Fonts]]<br />
[[zh-hant:Fonts]]<br />
{{Related articles start}}<br />
{{Related|Font configuration}}<br />
{{Related|Java Runtime Environment Fonts}}<br />
{{Related|Metric-compatible fonts}}<br />
{{Related articles end}}<br />
<br />
From [[Wikipedia:Computer font|Wikipedia]]: "A computer font (or font) is an electronic data file containing a set of glyphs, characters, or symbols such as dingbats."<br />
<br />
Note that certain font licenses may impose some legal limitations.<br />
<br />
== Font formats ==<br />
<br />
Most computer fonts used today are in either ''bitmap'' or ''outline'' data formats. <br />
;Bitmap fonts: Consist of a matrix of dots or pixels representing the image of each glyph in each face and size.<br />
;Outline or ''vector'' fonts: Use Bézier curves, drawing instructions and mathematical formulae to describe each glyph, which make the character outlines scalable to any size.<br />
<br />
=== Common extensions ===<br />
<br />
* {{ic|bdf}} and {{ic|bdf.gz}} – bitmap fonts, ''b''itmap ''d''istribution ''f''ormat and gzip compressed {{ic|bdf}}<br />
* {{ic|pcf}} and {{ic|pcf.gz}} – bitmaps, ''p''ortable ''c''ompiled ''f''ont and gzip compressed {{ic|pcf}}<br />
* {{ic|psf}}, {{ic|psfu}}, {{ic|psf.gz}} and {{ic|psfu.gz}} – bitmaps, ''P''C ''s''creen ''f''ont, ''P''C ''s''creen ''f''ont ''U''nicode and the gzipped versions (not compatible with X.Org)<br />
* {{ic|pfa}} and {{ic|pfb}} – outline fonts, ''P''ostScript ''f''ont ''A''SCII and ''P''ostScript ''f''ont ''b''inary. PostScript fonts carry built-in printer instructions.<br />
* {{ic|ttf}} – outline, ''T''rue''T''ype ''f''ont. Originally designed as a replacement for the PostScript fonts.<br />
* {{ic|otf}} – outline, ''O''pen''T''ype ''f''ont. TrueType with PostScript typographic instructions.<br />
<br />
For most purposes, the technical differences between TrueType and OpenType can be ignored; some fonts with a {{ic|ttf}} extension are actually OpenType fonts.<br />
<br />
=== Other formats ===<br />
<br />
The typesetting application, ''TeX,'' and its companion font software, ''Metafont,'' render characters using their own methods. Some of the file extensions used for fonts by these two programs are {{ic|*pk}}, {{ic|*gf}}, {{ic|mf}} and {{ic|vf}}.<br />
<br />
''FontForge,'' a font editing application, can store fonts in its native text-based format, {{ic|sfd}}, ''s''pline ''f''ont ''d''atabase.<br />
<br />
The [http://www.w3.org/TR/SVG/fonts.html SVG] format also has its own font description method.<br />
<br />
== Installation ==<br />
<br />
There are various methods for installing fonts.<br />
<br />
=== Pacman ===<br />
<br />
Fonts and font collections in the enabled repositories can be installed using [[pacman]]. Available fonts may be found by using:<br />
$ pacman -Ss font<br />
<br />
Or to search for {{ic|ttf}} fonts only:<br />
$ pacman -Ss ttf<br />
<br />
=== Creating a package ===<br />
<br />
You should give pacman the ability to manage your fonts, which is done by creating an Arch package. These can also be shared with the community in the [[AUR]]. The packages to install fonts are particularly similar; simply taking an existing [https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/adobe-source-code-pro-fonts package] as template should work well. To learn about how to modify it for your font, please refer to [[Creating packages]].<br />
<br />
The family name of a font file can be acquired with {{ic|fc-query}}, for example: {{ic|fc-query -f '%{family[0]}\n' /path/to/file}}. The formatting is described in the FcPatternFormat(3) manual.<br />
<br />
=== Manual installation ===<br />
<br />
The recommended way of adding fonts that are not in the repositories to your system is described in [[#Creating a package]]. This gives pacman the ability to remove or update them at a later time. Fonts can alternatively be installed manually as well.<br />
<br />
To install fonts system-wide (available for all users), move the folder to the {{ic|/usr/share/fonts/}} directory. The files need to be readable by every user, use [[chmod]] to set the correct permissions (i.e. at least {{ic|0444}} for files and {{ic|0555}} for directories). To install fonts for only a single user, use {{ic|~/.local/share/fonts}} ({{ic|~/.fonts/}} is now deprecated).<br />
<br />
For Xserver to load fonts directly (as opposed to the use of a ''font server'') the directory for your newly added font must be added with a FontPath entry. This entry is located in the ''Files'' section [[Xorg#Configuration|of your Xorg configuration file]] (e.g. {{ic|/etc/X11/xorg.conf}} or {{ic|/etc/xorg.conf}}). See [[#Older applications]] for more detail.<br />
<br />
Then update the fontconfig font cache (usually unnecessary, as software using the fontconfig library does this):<br />
<br />
$ fc-cache<br />
<br />
=== Older applications ===<br />
<br />
With older applications that do not support fontconfig (e.g. GTK+ 1.x applications, and {{ic|xfontsel}}) the index will need to be created in the font directory:<br />
<br />
$ mkfontscale<br />
$ mkfontdir<br />
<br />
Or to include more than one folder with one command:<br />
<br />
 $ for dir in /font/dir1/ /font/dir2/; do xset +fp "$dir"; done && xset fp rehash<br />
<br />
Or if fonts were installed in different sub-folders under e.g. {{ic|/usr/share/fonts}}:<br />
<br />
$ for dir in * ; do if [ -d "$dir" ]; then cd "$dir";xset +fp "$PWD" ;mkfontscale; mkfontdir;cd .. ;fi; done && xset fp rehash<br />
<br />
At times the X server may fail to load the fonts directory and you will need to rescan all the {{ic|fonts.dir}} files:<br />
<br />
# xset +fp /usr/share/fonts/misc # Inform the X server of new directories<br />
# xset fp rehash # Forces a new rescan<br />
<br />
To check that the font(s) is included:<br />
<br />
$ xlsfonts | grep fontname<br />
<br />
{{note|Many packages will automatically configure Xorg to use the font upon installation. If that is the case with your font, this step is not necessary.}}<br />
<br />
This can also be set globally in {{ic|/etc/X11/xorg.conf}} or {{ic|/etc/X11/xorg.conf.d}}.<br />
<br />
Here is an example of the section that must be added to {{ic|/etc/X11/xorg.conf}}. Add or remove paths based on your particular font requirements.<br />
<br />
# Let X.Org know about the custom font directories<br />
Section "Files"<br />
FontPath "/usr/share/fonts/100dpi"<br />
FontPath "/usr/share/fonts/75dpi"<br />
FontPath "/usr/share/fonts/cantarell"<br />
FontPath "/usr/share/fonts/cyrillic"<br />
FontPath "/usr/share/fonts/encodings"<br />
FontPath "/usr/share/fonts/misc"<br />
FontPath "/usr/share/fonts/truetype"<br />
FontPath "/usr/share/fonts/TTF"<br />
FontPath "/usr/share/fonts/util"<br />
EndSection<br />
<br />
=== Pango Warnings ===<br />
<br />
When [http://www.pango.org/ Pango] is in use on your system it will read from [http://www.freedesktop.org/wiki/Software/fontconfig fontconfig] to sort out where to source fonts.<br />
<br />
(process:5741): Pango-WARNING **: failed to choose a font, expect ugly output. engine-type='PangoRenderFc', script='common'<br />
(process:5741): Pango-WARNING **: failed to choose a font, expect ugly output. engine-type='PangoRenderFc', script='latin'<br />
<br />
If you are seeing errors similar to this and/or seeing blocks instead of characters in your application then you need to add fonts and update the font cache. This example uses the {{Pkg|ttf-liberation}} fonts to illustrate the solution (after successful installation of the package) and runs as root to enable them system-wide.<br />
<br />
# fc-cache<br />
/usr/share/fonts: caching, new cache contents: 0 fonts, 3 dirs<br />
/usr/share/fonts/TTF: caching, new cache contents: 16 fonts, 0 dirs<br />
/usr/share/fonts/encodings: caching, new cache contents: 0 fonts, 1 dirs<br />
/usr/share/fonts/encodings/large: caching, new cache contents: 0 fonts, 0 dirs<br />
/usr/share/fonts/util: caching, new cache contents: 0 fonts, 0 dirs<br />
/var/cache/fontconfig: cleaning cache directory<br />
fc-cache: succeeded<br />
<br />
You can test for a default font being set like so:<br />
<br />
# fc-match<br />
LiberationMono-Regular.ttf: "Liberation Mono" "Regular"<br />
<br />
== Console fonts ==<br />
<br />
{{Note|This section is about the [[Wikipedia:Linux console|Linux console]]. For alternative console solutions offering more features (full Unicode fonts, modern graphics adapters etc.), see [[fbterm]], [[KMSCON]] or similar projects.}}<br />
<br />
By default, the [[Wikipedia:Virtual console|virtual console]] uses the kernel built-in font with a [[Wikipedia:CP437|CP437]] character set,<sup>[https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/vt/Makefile#n4]</sup> but this can be easily changed.<br />
<br />
The [[Wikipedia:Linux console|Linux console]] uses UTF-8 encoding by default, but because the standard VGA-compatible framebuffer is used, a console font is limited to either a standard 256, or 512 glyphs. If the font has more than 256 glyphs, the number of colours is reduced from 16 to 8. In order to map a given Unicode value to the correct glyph, a special translation map, often called ''unimap'', is needed. Nowadays most console fonts have the ''unimap'' built in; historically it had to be loaded separately.<br />
<br />
The {{Pkg|kbd}} package provides tools to change virtual console font and font mapping. Available fonts are saved in the {{ic|/usr/share/kbd/consolefonts/}} directory, those ending with ''.psfu'' or ''.psfu.gz'' have a Unicode translation map built-in.<br />
<br />
Keymaps, the connection between the key pressed and the character used by the computer, are found in the subdirectories of {{ic|/usr/share/kbd/keymaps/}}, see [[Keyboard configuration in console]] for details.<br />
<br />
{{Note|Replacing the font can cause issues with programs that expect a standard VGA-style font, such as those using line drawing graphics.}}<br />
<br />
{{Tip|For European based languages written in Latin/Greek letters you can use the {{ic|eurlatgr}} font; it includes a broad range of Latin/Greek letter variations as well as special characters [https://lists.altlinux.org/pipermail/kbd/2014-February/000439.html].}}<br />
<br />
=== Preview and temporary changes ===<br />
<br />
{{Tip|An organized library of images for previewing is available: [http://alexandre.deverteuil.net/pages/consolefonts/ Linux console fonts screenshots].}}<br />
<br />
$ showconsolefont<br />
<br />
shows a table of glyphs or letters of a font.<br />
<br />
{{ic|setfont}} temporarily changes the font if passed a font name (in {{ic|/usr/share/kbd/consolefonts/}}) such as<br />
<br />
$ setfont lat2-16 -m 8859-2<br />
<br />
Font names are case-sensitive. With no parameter, {{ic|setfont}} returns the console to the default font.<br />
<br />
{{Tip|All font changing commands can be typed in "blind".}}<br />
<br />
{{Note|''setfont'' only works on the console currently being used. Any other consoles, active or inactive, remain unaffected.}}<br />
<br />
=== Persistent configuration ===<br />
<br />
The {{ic|FONT}} variable in {{ic|/etc/vconsole.conf}} is used to set the font at boot, persistently for all consoles. See {{ic|man 5 vconsole.conf}} for details.<br />
<br />
For displaying characters such as ''Č, ž, đ, š'' or ''Ł, ę, ą, ś'' using the font {{ic|lat2-16.psfu.gz}}:<br />
<br />
{{hc|/etc/vconsole.conf|2=<br />
...<br />
FONT=lat2-16<br />
FONT_MAP=8859-2<br />
}}<br />
<br />
This means that the characters of the second part of ISO/IEC 8859 are used, at size 16. You can change the font size by using other values (e.g. {{ic|lat2-08}}). For the regions covered by each part of the 8859 specification, see the [[wikipedia:ISO/IEC_8859#The_Parts_of_ISO.2FIEC_8859|Wikipedia table]].<br />
<br />
To use the specified font in early userspace, use the {{ic|consolefont}} hook in {{ic|/etc/mkinitcpio.conf}}. See [[Mkinitcpio#HOOKS]] for more information. <br />
<br />
If the font does not seem to change on boot, or changes only temporarily, it was most likely reset when the graphics driver was initialized and the console was switched to the framebuffer. To avoid this, load your graphics driver earlier. See for example [[Kernel mode setting#Early KMS start]], [https://bbs.archlinux.org/viewtopic.php?id=145765] or other ways to set up your framebuffer before {{ic|/etc/vconsole.conf}} is applied.<br />
<br />
== Font packages ==<br />
<br />
This is a selective list that includes many font packages from the [[AUR]] along with those in the official repositories. Fonts are tagged "Unicode" if they have wide Unicode support, see the project or Wikipedia pages for detail.<br />
<br />
GitHub user Ternstor has created a Python script that generates HTML documents with PNG images of all the fonts in the AUR and the official repositories: [https://github.com/ternstor/distrofonts/blob/master/archfonts.py].<br />
<br />
=== Latin script ===<br />
<br />
==== Monospaced ====<br />
<br />
Here are some suggestions. Every user has their own favorite, so experiment to find yours. <br />
If you are in a hurry, you can read Dan Benjamin's blog post: [http://hivelogic.com/articles/top-10-programming-fonts ''Top 10 Programming Fonts''].<br />
<br />
Here is a long list of fonts by Trevor Lowing: http://www.lowing.org/fonts/.<br />
<br />
A comparison with images on Slant: [http://www.slant.co/topics/67/~what-are-the-best-programming-fonts What are the best programming fonts?]<br />
<br />
And a Stack Overflow question with some images: [http://stackoverflow.com/questions/4689/recommended-fonts-for-programming Recommended fonts for programming]<br />
<br />
===== TrueType =====<br />
<br />
* [[Wikipedia:Andalé Mono|Andalé Mono]] ({{AUR|ttf-ms-fonts}})<br />
* [http://www.marksimonson.com/fonts/view/anonymous-pro Anonymous Pro] ({{pkg|ttf-anonymous-pro}}, included in {{AUR|ttf-google-fonts-git}})<br />
* [[Wikipedia:Bitstream Vera|Bitstream Vera Mono]] ({{Pkg|ttf-bitstream-vera}})<br />
* [[Wikipedia:Consolas|Consolas]] ({{AUR|ttf-vista-fonts}}) - Windows programming font<br />
* [[Wikipedia:Courier New|Courier New]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Croscore_fonts|Cousine]] ({{Pkg|ttf-croscore}}) - Chrome/Chromium OS replacement for Courier New (metric-compatible)<br />
* [[Wikipedia:DejaVu fonts|DejaVu Sans Mono]] ({{Pkg|ttf-dejavu}}) - Unicode<br />
* [[Wikipedia:Droid (font)|Droid Sans Mono]] ({{Pkg|ttf-droid}}, included in {{AUR|ttf-google-fonts-git}})<br />
* [https://damieng.com/blog/2008/05/26/envy-code-r-preview-7-coding-font-released Envy Code R] ({{AUR|ttf-envy-code-r}})<br />
* Fantasque Sans Mono ({{AUR|ttf-fantasque-sans}} or {{AUR|ttf-fantasque-sans-git}})<br />
* [[Wikipedia:Fira_Sans|Fira Mono]] ({{pkg|ttf-fira-mono}})<br />
* [[Wikipedia:GNU FreeFont|FreeMono]] ({{Pkg|ttf-freefont}}) - Unicode<br />
* [https://sourcefoundry.org/hack/ Hack] ({{pkg|ttf-hack}})<br />
* [[Wikipedia:Inconsolata|Inconsolata]] ({{Pkg|ttf-inconsolata}}, included in {{AUR|ttf-google-fonts-git}}) - Excellent programming font<br />
* [[Wikipedia:Inconsolata|Inconsolata-g]] ({{AUR|ttf-inconsolata-g}}) - adds some programmer-friendly modifications<br />
* [[Wikipedia:Liberation fonts|Liberation Mono]] ({{Pkg|ttf-liberation}}) - Replacement for Courier New, based on Cousine (metric-compatible)<br />
* [[Wikipedia:Lucida Typewriter|Lucida Typewriter]] (included in package {{AUR|jre}})<br />
* [[Wikipedia:Monaco (typeface)|Monaco]] ({{AUR|ttf-monaco}}) - Popular programming font on OSX/Textmate<br />
* Monofur ({{AUR|ttf-monofur}})<br />
* [[Wikipedia:Roboto|Roboto]] ({{Pkg|ttf-roboto}})<br />
* [[Wikipedia:Source_Code_Pro|Source Code Pro]] ({{pkg|adobe-source-code-pro-fonts}})<br />
<br />
===== Bitmap =====<br />
<br />
* Default 8x16<br />
* Dina ({{Pkg|dina-font}})<br />
* [http://font.gohu.org/ Gohu] ({{AUR|gohufont}})<br />
* Lime ({{Pkg|artwiz-fonts}})<br />
* [[Wikipedia:ProFont|ProFont]] ({{Pkg|profont}})<br />
* [[Wikipedia:Proggy Programming Fonts|Proggy Programming Fonts]] ({{AUR|proggyfonts}})<br />
* Tamsyn ({{Pkg|tamsyn-font}})<br />
* [http://terminus-font.sourceforge.net/ Terminus] ({{Pkg|terminus-font}})<br />
* [https://github.com/lucy/tewi-font Tewi] ({{AUR|bdf-tewi-git}})<br />
* [http://unifoundry.com/unifont.html Unifont] ([[Wikipedia:Unicode font#Comparison of fonts|most extensive]] Unicode coverage of any font) ({{Pkg|bdf-unifont}})<br />
<br />
==== Sans-serif ====<br />
<br />
* [http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=andika Andika] ({{AUR|ttf-andika}})<br />
* [[Wikipedia:Arial|Arial]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Arial Black|Arial Black]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Croscore_fonts|Arimo]] ({{Pkg|ttf-croscore}}) - Chrome/Chromium OS replacement for Arial (metric-compatible)<br />
* [[Wikipedia:Calibri|Calibri]] ({{AUR|ttf-vista-fonts}})<br />
* [[Wikipedia:Candara|Candara]] ({{AUR|ttf-vista-fonts}})<br />
* [[Wikipedia:Comic Sans|Comic Sans]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Corbel (typeface)|Corbel]] ({{AUR|ttf-vista-fonts}})<br />
* [[Wikipedia:DejaVu fonts|DejaVu Sans]] ({{Pkg|ttf-dejavu}}) - Unicode<br />
* [[Wikipedia:Droid (font)|Droid Sans]] ({{Pkg|ttf-droid}}, included in {{AUR|ttf-google-fonts-git}})<br />
* [[Wikipedia:GNU FreeFont|FreeSans]] ({{Pkg|ttf-freefont}}) - Unicode<br />
* [[Wikipedia:Impact (typeface)|Impact]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Liberation fonts|Liberation Sans]] ({{Pkg|ttf-liberation}}) Replacement for Arial, based on Arimo (metric-compatible)<br />
* [[Wikipedia:Linux Libertine|Linux Biolinum]] ({{Pkg|ttf-linux-libertine}})<br />
* [[Wikipedia:Lucida Sans|Lucida Sans]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Microsoft Sans Serif|Microsoft Sans Serif]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:PT Sans|PT Sans]] ({{AUR|ttf-google-fonts-git}}) - 3 major variations: normal, narrow, and caption - Unicode: Latin, Cyrillic<br />
* [[Wikipedia:Source Sans Pro|Source Sans Pro]] ({{pkg|adobe-source-sans-pro-fonts}})<br />
* [[Wikipedia:Tahoma (typeface)|Tahoma]] ({{AUR|ttf-tahoma}})<br />
* [[Wikipedia:Trebuchet MS|Trebuchet]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Ubuntu Font Family|Ubuntu Font Family]] ({{Pkg|ttf-ubuntu-font-family}})<br />
* [[Wikipedia:Verdana|Verdana]] ({{AUR|ttf-ms-fonts}})<br />
<br />
==== Serif ====<br />
<br />
* [[Wikipedia:Cambria (typeface)|Cambria]] ({{AUR|ttf-vista-fonts}})<br />
* [[Wikipedia:Constantia (typeface)|Constantia]] ({{AUR|ttf-vista-fonts}})<br />
* [[Wikipedia:DejaVu fonts|DejaVu Serif]] ({{Pkg|ttf-dejavu}}) - Unicode<br />
* [[Wikipedia:Droid (font)|Droid Serif]] ({{Pkg|ttf-droid}}, included in {{AUR|ttf-google-fonts-git}})<br />
* [[Wikipedia:GNU FreeFont|FreeSerif]] ({{Pkg|ttf-freefont}}) - Unicode<br />
* [[Wikipedia:Gentium|Gentium]] ({{Pkg|ttf-gentium}}) - Unicode: Latin, Greek, Cyrillic, Phonetic Alphabet<br />
* [[Wikipedia:Georgia (typeface)|Georgia]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Liberation fonts|Liberation Serif]] ({{Pkg|ttf-liberation}}) - Replacement for Times New Roman, based on Tinos (metric-compatible)<br />
* [[Wikipedia:Linux Libertine|Linux Libertine]] ({{Pkg|ttf-linux-libertine}}) - Unicode: Latin, Greek, Cyrillic, Hebrew<br />
* [[Wikipedia:Times New Roman|Times New Roman]] ({{AUR|ttf-ms-fonts}})<br />
* [[Wikipedia:Croscore_fonts|Tinos]] ({{Pkg|ttf-croscore}}) - Chrome/Chromium OS replacement for Times New Roman (metric-compatible)<br />
<br />
==== Unsorted ====<br />
<br />
{{Style|This section should be absorbed into the Monospace/Serif/Sans-Serif structure}}<br />
<br />
* {{Pkg|font-bh-ttf}} - X.Org Luxi fonts<br />
* {{Pkg|ttf-cheapskate}} - Font collection from ''dustismo.com''<br />
* {{Pkg|ttf-junicode}} - Junius font containing almost complete medieval latin script glyphs<br />
* {{Pkg|ttf-mph-2b-damase}} - Covers full plane 1 and several scripts<br />
* {{Pkg|xorg-fonts-type1}} - IBM Courier and Adobe Utopia sets of [[Wikipedia:PostScript fonts|PostScript fonts]]<br />
* {{Pkg|noto-fonts}} - Google Noto TTF fonts<br />
* {{AUR|all-repository-fonts}} - Meta package for all fonts in the official repositories.<br />
* {{AUR|ttf-google-fonts-git}} - a huge collection of free fonts (including ubuntu, inconsolata, droid, etc.) - Note: Your font dialog might get very long as >100 fonts will be added.<br />
<br />
=== Non-latin scripts ===<br />
<br />
==== Ancient Scripts ====<br />
<br />
* {{AUR|ttf-ancient-fonts}} - Font containing Unicode symbols for Aegean, Egyptian, Cuneiform, Anatolian, Maya, and Analecta scripts<br />
<br />
==== Arabic ====<br />
<br />
* {{AUR|ttf-amiri}} - A classical Arabic typeface in Naskh style pioneered by Amiria Press<br />
* {{AUR|ttf-arabeyes-fonts}} - Collection of free Arabic fonts<br />
* {{AUR|ttf-qurancomplex-fonts}} - Fonts by King Fahd Glorious Quran Printing Complex in al-Madinah al-Munawwarah<br />
* {{AUR|ttf-sil-lateef}} - Unicode Arabic font from SIL<br />
* {{AUR|ttf-sil-scheherazade}} - Unicode Arabic font from SIL<br />
<br />
==== Braille ====<br />
<br />
*{{Pkg|ttf-ubraille}} - Font containing Unicode symbols for ''braille''<br />
<br />
==== Chinese, Japanese, Korean, Vietnamese ====<br />
<br />
===== Pan-CJK =====<br />
<br />
* {{Pkg|adobe-source-han-sans-otc-fonts}} - Large collection of fonts which comprehensively support Simplified Chinese, Traditional Chinese, Japanese, and Korean, with a consistent design and look.<br />
* {{Pkg|noto-fonts-cjk}} - Large collection of fonts which comprehensively support Simplified Chinese, Traditional Chinese, Japanese, and Korean, with a consistent design and look. It is currently a rebadged version of {{Pkg|adobe-source-han-sans-otc-fonts}}.<br />
<br />
===== Chinese =====<br />
<br />
* {{Pkg|adobe-source-han-sans-cn-fonts}} - Simplified Chinese OpenType/CFF fonts<br />
* {{Pkg|adobe-source-han-sans-tw-fonts}} - Traditional Chinese OpenType/CFF fonts<br />
* {{Pkg|ttf-arphic-ukai}} - ''Kaiti'' (brush stroke) Unicode font (enabling anti-aliasing is suggested)<br />
* {{Pkg|ttf-arphic-uming}} - ''Mingti'' (printed) Unicode font<br />
* {{Pkg|opendesktop-fonts}} - ''New Sung'' font, previously the ttf-fireflysung package<br />
* {{Pkg|wqy-microhei}} - A Sans-Serif style high quality CJKV outline font.<br />
* {{Pkg|wqy-zenhei}} - Hei Ti Style (sans-serif) Chinese Outline font embedded with bitmapped Song Ti (also supporting Japanese (partial) and Korean characters).<br />
* {{Pkg|wqy-bitmapfont}} - Bitmapped Song Ti (serif) Chinese font<br />
* {{AUR|ttf-i.bming}} - CJK serif font that emphasizes an old-style typeface<br />
* {{AUR|ttf-tw}} - Kai and Song traditional Chinese font from the Ministry of Education of Taiwan<br />
<br />
===== Japanese =====<br />
<br />
* {{Pkg|adobe-source-han-sans-jp-fonts}} - Japanese OpenType/CFF fonts<br />
* {{Pkg|otf-ipafont}} - Formal style Japanese Gothic (sans-serif) and Mincho (serif) font set; one of the highest quality open source fonts. Default of openSUSE-ja.<br />
* {{Pkg|ttf-hanazono}} - A free Japanese kanji font, style Mincho (serif).<br />
* {{Pkg|ttf-sazanami}} - Japanese free TrueType font. This is outdated and not maintained any more, but may be defined as a fallback font on several environments.<br />
* {{AUR|ttf-koruri}} - Japanese TrueType font obtained by mixing {{AUR|ttf-mplus}} and Open Sans<br />
* {{AUR|ttf-monapo}} - Japanese fonts to show [[wikipedia:2channel_Shift_JIS_art|2channel Shift JIS art]] properly.<br />
* {{AUR|ttf-mplus}} - Modern Gothic style Japanese outline fonts. It includes all of Japanese Hiragana/Katakana, Basic Latin, Latin-1 Supplement, Latin Extended-A, IPA Extensions and most of Japanese Kanji, Greek, Cyrillic, Vietnamese with 7 weights (proportional) or 5 weights (monospace).<br />
* {{AUR|ttf-vlgothic}} - Japanese Gothic fonts. Default of Debian/Fedora/Vine Linux<br />
<br />
===== Korean =====<br />
<br />
* {{Pkg|adobe-source-han-sans-kr-fonts}} - Korean OpenType/CFF fonts<br />
* {{Pkg|ttf-baekmuk}} - Collection of Korean TrueType fonts<br />
* {{AUR|spoqa-han-sans}} - Source Han Sans customized by Spoqa<br />
* {{AUR|ttf-d2coding}} - D2Coding fixed width TrueType font made by Naver<br />
* {{AUR|ttf-nanum}} - Nanum series TrueType fonts<br />
* {{AUR|ttf-nanumgothic_coding}} - Nanum series fixed width TrueType fonts<br />
<br />
===== Vietnamese =====<br />
<br />
* {{Pkg|ttf-hannom}} - Vietnamese TrueType font for chữ Nôm characters<br />
<br />
==== Cyrillic ====<br />
<br />
See also [[#Latin script]].<br />
<br />
* {{AUR|ttf-paratype}} - Font family by ParaType: sans, serif, mono, extended cyrillic and latin, OFL license<br />
* {{AUR|otf-russkopis}} - A free OpenType cursive font for Cyrillic script<br />
<br />
==== Greek ====<br />
<br />
Almost all Unicode fonts contain the Greek character set (polytonic included). Some additional font packages, which might not contain the complete Unicode set but utilize high quality Greek (and Latin, of course) typefaces are:<br />
<br />
* {{AUR|otf-gfs}} - Selection of OpenType fonts from the Greek Font Society<br />
* {{AUR|ttf-mgopen}} - Professional TrueType fonts from Magenta<br />
<br />
==== Hebrew ====<br />
<br />
* {{AUR|culmus}} - Nice collection of free Hebrew fonts<br />
<br />
==== Indic ====<br />
<br />
* {{Pkg|ttf-freebanglafont}} - Font for Bangla<br />
* {{Pkg|ttf-indic-otf}} - Indic OpenType Fonts collection (containing ttf-freebanglafont), provides the character [http://www.fileformat.info/info/unicode/char/ca0/index.htm U+0CA0] "ಠ"<br />
* {{AUR|lohit-fonts}} - Indic TrueType fonts from Fedora Project (containing Oriya Fonts and more)<br />
* {{AUR|ttf-devanagarifonts}} - Devanagari TrueType fonts (contains 283 fonts)<br />
* {{AUR|ttf-gurmukhi-fonts_sikhnet}} - TrueType Gurmukhi fonts (gurbaniwebthick,prabhki)<br />
* {{AUR|ttf-gurmukhi_punjabi}} - TTF Gurmukhi / Punjabi (contains 252 fonts)<br />
* {{AUR|ttf-gujrati-fonts}} - TTF Gujarati fonts (Avantika,Gopika,Shree768)<br />
* {{AUR|ttf-kannada-font}} - Kannada, the language of Karnataka state in India<br />
* {{AUR|ttf-lklug}} - Sinhala Unicode font<br />
* {{AUR|ttf-tamil}} - Tamil Unicode fonts<br />
* {{AUR|ttf-urdufonts}} - Urdu fonts (Jameel Noori Nastaleeq (+kasheeda), Nafees Web Naskh, PDMS Saleem Quran Font) and font configuration to set Jameel Noori Nastaleeq as default font for Urdu<br />
<br />
==== Khmer ====<br />
<br />
* {{Pkg|ttf-khmer}} - Font covering glyphs for Khmer language<br />
* [https://www.google.com/fonts/specimen/Hanuman Hanuman] ({{AUR|ttf-google-fonts-git}})<br />
<br />
==== Mongolic and Tungusic ====<br />
<br />
* {{AUR|ttf-abkai}} - Fonts for Sibe, Manchu and Daur scripts (incomplete, currently in development)<br />
<br />
==== Persian ====<br />
<br />
* {{AUR|persian-fonts}} - Meta package for installing all Persian fonts in AUR.<br />
* {{AUR|borna-fonts}} - Borna Rayaneh Co. Persian B font series.<br />
* {{AUR|iran-nastaliq-fonts}} - A free Unicode calligraphic Persian font.<br />
* {{AUR|iranian-fonts}} - Iranian-Sans and Iranian-Serif Persian font family.<br />
* {{AUR|ir-standard-fonts}} - Iran Supreme Council of Information and Communication Technology (SCICT) standard Persian fonts.<br />
* {{AUR|persian-hm-ftx-fonts}} - A Persian font series derived from X Series 2, Metafont and FarsiTeX fonts with Kashida feature.<br />
* {{AUR|persian-hm-xs2-fonts}} - A Persian font series derived from X Series 2 fonts with Kashida feature.<br />
* {{AUR|sina-fonts}} - Sina Pardazesh Co. Persian font series.<br />
* {{AUR|gandom-fonts}}, {{AUR|parastoo-fonts}}, {{AUR|sahel-fonts}}, {{AUR|samim-fonts}}, {{AUR|shabnam-fonts}}, {{AUR|tanha-fonts}}, {{AUR|vazir-fonts}}, {{AUR|vazir-code-fonts}} - Beautiful Persian fonts made by Ali Rasti Kerdar.<br />
* {{AUR|ttf-yas}} - The Yas Persian font series (with '''hollow zero''').<br />
* {{AUR|ttf-x2}} - Free fonts with support for Persian, Arabic, Urdu, Pashto, Dari, Uzbek, Kurdish, Uighur, old Turkish (Ottoman) and modern Turkish (Roman).<br />
<br />
==== Tai–Kadai ====<br />
<br />
* {{Pkg|ttf-tlwg}}{{Broken package link|replaced by {{Pkg|fonts-tlwg}}}} - Collection of scalable Thai fonts<br />
* {{AUR|ttf-lao}} - Lao TTF font (Phetsarath_OT)<br />
* {{AUR|ttf-lao-fonts}} - Lao TTF fonts, both Unicode and non-Unicode for Windows<br />
<br />
==== Tibeto-Burman ====<br />
<br />
* {{Pkg|ttf-tibetan-machine}} - Tibetan Machine TTFont<br />
* {{AUR|ttf-my-paduk}} - Padauk font for Myanmar/Birmania<br />
* {{AUR|ttf-myanmar-fonts}} - 121 Fonts from myordbok.com<br />
<br />
=== Emoji and symbols ===<br />
<br />
A section of the Unicode standard is designated for pictographic characters called "emoji".<br />
<br />
* {{Pkg|noto-fonts-emoji}} - Google's own emoji font, like on Android or Google Hangouts. Some newer additions to Unicode appear to render poorly with Noto fonts.<br />
* {{Pkg|ttf-symbola}} - provides many Unicode symbols, including emoji, in outline style.<br />
* {{AUR|ttf-emojione-color}} - a color and B&W emoji SVGinOT font built from EmojiOne (it is the same as {{AUR|emojione-color-font}} but with less harmful configurations).<br />
* {{AUR|emojione-color-font}} - a complete, independent, open-source emoji set focused on design correctness.<br />
* {{AUR|twemoji-color-font}} - Twitter's open-sourced emoji glyphs.<br />
<br />
[[wikipedia:Emoticon#Japanese_style|Kaomoji]] are sometimes referred to as "Japanese emoticons" and are composed of characters from various character sets, including CJK and Indic fonts. For example, the following set of packages covers most of existing kaomoji: {{Pkg|ttf-freefont}}, {{Pkg|ttf-arphic-uming}}, and {{Pkg|ttf-indic-otf}}.<br />
<br />
=== Math ===<br />
<br />
* {{Pkg|font-mathematica}} - Mathematica fonts by Wolfram Research, Inc.<br />
* {{Pkg|texlive-core}} and {{Pkg|texlive-fontsextra}} contain many math fonts such as Latin Modern Math and [[Wikipedia:STIX Fonts project|STIX Fonts]]. See [[TeX Live#Fonts]] for configuration.<br />
* {{AUR|otf-latin-modern}}, {{AUR|otf-latinmodern-math}} - Improved version of Computer Modern fonts as used in LaTeX<br />
* {{AUR|otf-xits}} - An OpenType implementation of [[Wikipedia:STIX Fonts project|STIX Fonts]] with support for maths written from right to left.<br />
* {{AUR|ttf-computer-modern-fonts}}, {{AUR|otf-cm-unicode}} - [[wikipedia:Computer Modern|Computer Modern]] (of TeX fame)<br />
* {{AUR|ttf-mathtype}} - MathType fonts<br />
<br />
=== Other operating system fonts ===<br />
<br />
* {{AUR|ttf-mac-fonts}} - Apple MacOS TrueType fonts<br />
<br />
See [[Metric-compatible fonts]], which lists available alternatives for [[Microsoft fonts]].<br />
<br />
== Fallback font order with X11 ==<br />
<br />
Fontconfig automatically chooses a font that matches the current requirement. That is to say, if one is looking at a window containing English and Chinese for example, it will switch to another font for the Chinese text if the default one does not support it.<br />
<br />
Fontconfig lets every user configure the order they want via {{ic|$XDG_CONFIG_HOME/fontconfig/fonts.conf}}.<br />
If you want a particular Chinese font to be selected after your favorite Serif font, your file would look like this:<br />
<br />
<?xml version="1.0"?><br />
<!DOCTYPE fontconfig SYSTEM "fonts.dtd"><br />
<fontconfig><br />
<alias><br />
<family>serif</family><br />
<prefer><br />
<family>Your favorite Latin Serif font name</family><br />
<family>Your Chinese font name</family><br />
</prefer><br />
</alias><br />
</fontconfig><br />
<br />
{{Tip|If you use a Chinese locale, set {{ic|LC_LANG}} to {{ic|und}} to make this work. Otherwise both English and Chinese text will be rendered in the Chinese font.}}<br />
<br />
You can add a section for sans-serif and monospace as well. For more information, have a look at the fontconfig manual.<br />
<br />
See also [[Font configuration#Replace or set default fonts]].<br />
<br />
== Font alias ==<br />
<br />
There are several font aliases which represent other fonts in order that applications may use similar fonts. The most common aliases are: {{ic|serif}} for a font of the serif type (e.g. DejaVu Serif); {{ic|sans-serif}} for a font of the sans-serif type (e.g. DejaVu Sans); and {{ic|monospace}} for a monospaced font (e.g. DejaVu Sans Mono). However, the fonts which these aliases represent may vary and the relationship is often not shown in font management tools, such as those found in [[KDE]] and other [[desktop environments]].<br />
<br />
To reverse an alias and find which font it is representing, run:<br />
<br />
{{hc|$ fc-match monospace|<br />
DejaVuSansMono.ttf: "DejaVu Sans Mono" "Book"<br />
}}<br />
<br />
In this case, {{ic|DejaVuSansMono.ttf}} is the font represented by the monospace alias.<br />
<br />
== Tips and tricks ==<br />
<br />
=== List all installed fonts ===<br />
<br />
You can use the following command to list all installed Fontconfig fonts that are available on your system. <br />
<br />
$ fc-list<br />
<br />
=== Lists installed fonts for a particular language ===<br />
<br />
Applications and browsers select and display fonts depending upon fontconfig preferences and the glyphs available for Unicode text. To list installed fonts for a particular language, run {{ic|<nowiki>fc-list :lang="two letter language code"</nowiki>}}. For instance, to list installed Arabic fonts or fonts supporting Arabic glyphs:<br />
{{hc|$ fc-list -f '%{file}\n' :lang&#61;ar|2=<br />
<nowiki><br />
/usr/share/fonts/TTF/FreeMono.ttf<br />
/usr/share/fonts/TTF/DejaVuSansCondensed.ttf<br />
/usr/share/fonts/truetype/custom/DroidKufi-Bold.ttf<br />
/usr/share/fonts/TTF/DejaVuSansMono.ttf<br />
/usr/share/fonts/TTF/FreeSerif.ttf<br />
</nowiki><br />
}}<br />
<br />
=== Set terminal font on-the-fly ===<br />
<br />
{{Expansion|Which terminals specifically support this method? Where is the documentation for the escape codes?}}<br />
<br />
For terminal emulators that use {{ic|Xresources}}, fonts can be set by using escape sequences. Specifically, {{ic|echo -e "\033]710;$font\007"}} to change the normal font ({{ic|*font}} in {{ic|~/.Xresources}}), and replace {{ic|710}} with {{ic|711}}, {{ic|712}}, and {{ic|713}} to change the {{ic|*boldFont}}, {{ic|*italicFont}}, and {{ic|*boldItalicFont}}, respectively.<br />
<br />
{{ic|$font}} uses the same syntax as in {{ic|~/.Xresources}} and can be anything the terminal emulator will support. (Example: {{ic|1=xft:dejavu sans mono:size=9}})<br />
<br />
=== Application-specific font cache ===<br />
<br />
Matplotlib ({{pkg|python-matplotlib}} or {{pkg|python2-matplotlib}}) uses its own font cache, so after updating fonts, be sure to remove {{ic|$HOME/.matplotlib/fontList.cache}}, <br />
{{ic|$HOME/.cache/matplotlib/fontList.cache}}, {{ic|$HOME/.sage/matplotlib-1.2.1/fontList.cache}}, etc. so it will regenerate its cache and find the new fonts [http://matplotlib.1069221.n5.nabble.com/getting-matplotlib-to-recognize-a-new-font-td40500.html].<br />
<br />
== See also ==<br />
<br />
* [http://behdad.org/text/ State of Text Rendering]</div>Powersourcehttps://wiki.archlinux.org/index.php?title=Acer_Aspire_V3-372&diff=452380Acer Aspire V3-3722016-09-29T15:58:51Z<p>Powersource: Camera is working</p>
<hr />
<div>[[Category:Acer]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status''' || '''Modules'''<br />
|-<br />
| Intel || {{G|Working}} || i915<br />
|-<br />
| Ethernet || {{G|Working}} || r8168<br />
|-<br />
| Wireless || {{G|Working}} || ath10k_pci<br />
|-<br />
| Audio || {{G|Working}} || snd_hda_intel<br />
|-<br />
| Touchpad || {{G|Working}} || (see below)<br />
|-<br />
| Camera || {{G|Working}} || uvcvideo<br />
|-<br />
| Card Reader || {{Y|Untested}} || rtsx_usb<br />
|-<br />
| Bluetooth || {{G|Working}}|| <br />
|}<br />
Information for the Acer Aspire V3-372 51EK (Core i5-6200U, 4GiB RAM, 128GB SSD).<br />
<br />
== Devices ==<br />
<br />
{{hc|# lspci|<br />
00:00.0 Host bridge: Intel Corporation Sky Lake Host Bridge/DRAM Registers (rev 08)<br />
00:02.0 VGA compatible controller: Intel Corporation Sky Lake Integrated Graphics (rev 07)<br />
00:14.0 USB controller: Intel Corporation Device 9d2f (rev 21)<br />
00:14.2 Signal processing controller: Intel Corporation Device 9d31 (rev 21)<br />
00:15.0 Signal processing controller: Intel Corporation Device 9d60 (rev 21)<br />
00:15.1 Signal processing controller: Intel Corporation Device 9d61 (rev 21)<br />
00:16.0 Communication controller: Intel Corporation Device 9d3a (rev 21)<br />
00:17.0 SATA controller: Intel Corporation Device 9d03 (rev 21)<br />
00:1c.0 PCI bridge: Intel Corporation Device 9d10 (rev f1)<br />
00:1c.4 PCI bridge: Intel Corporation Device 9d14 (rev f1)<br />
00:1c.5 PCI bridge: Intel Corporation Device 9d15 (rev f1)<br />
00:1f.0 ISA bridge: Intel Corporation Device 9d48 (rev 21)<br />
00:1f.2 Memory controller: Intel Corporation Device 9d21 (rev 21)<br />
00:1f.3 Audio device: Intel Corporation Device 9d70 (rev 21)<br />
00:1f.4 SMBus: Intel Corporation Device 9d23 (rev 21)<br />
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)<br />
03:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Booting Arch Linux from USB ===<br />
<br />
To disable Secure Boot, set the [https://acer.custhelp.com/app/answers/detail/a_id/29349/ supervisor password] in the BIOS settings. Then you should be able to boot Arch. <br />
<br />
If you set up your installation media (USB drive) via [[USB_flash_installation_media#Using_Rufus|Rufus]]{{Broken section link}} I had the most success by using ''GPT'' as partition table (in UEFI mode). <br />
<br />
=== Video ===<br />
Install the xf86-video-intel package as shown [[Intel_graphics#Installation|here]]<br />
<br />
=== Solid State Drive ===<br />
For tips visit [[SSD]].<br />
<br />
=== Touchpad ===<br />
Set the touchpad to basic in the BIOS to get it working. Then enable it by pressing ''FN + F7''.</div>Powersourcehttps://wiki.archlinux.org/index.php?title=Acer_Aspire_V3-372&diff=452379Acer Aspire V3-3722016-09-29T15:50:52Z<p>Powersource: Wireless works out of the box now</p>
<hr />
<div>[[Category:Acer]]<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status''' || '''Modules'''<br />
|-<br />
| Intel || {{G|Working}} || i915<br />
|-<br />
| Ethernet || {{G|Working}} || r8168<br />
|-<br />
| Wireless || {{G|Working}} || ath10k_pci<br />
|-<br />
| Audio || {{G|Working}} || snd_hda_intel<br />
|-<br />
| Touchpad || {{G|Working}} || (see below)<br />
|-<br />
| Camera || {{Y|Untested}} || uvcvideo<br />
|-<br />
| Card Reader || {{Y|Untested}} || rtsx_usb<br />
|-<br />
| Bluetooth || {{G|Working}}|| <br />
|}<br />
Information for the Acer Aspire V3-372 51EK (Core i5-6200U, 4GiB RAM, 128GB SSD).<br />
<br />
== Devices ==<br />
<br />
{{hc|# lspci|<br />
00:00.0 Host bridge: Intel Corporation Sky Lake Host Bridge/DRAM Registers (rev 08)<br />
00:02.0 VGA compatible controller: Intel Corporation Sky Lake Integrated Graphics (rev 07)<br />
00:14.0 USB controller: Intel Corporation Device 9d2f (rev 21)<br />
00:14.2 Signal processing controller: Intel Corporation Device 9d31 (rev 21)<br />
00:15.0 Signal processing controller: Intel Corporation Device 9d60 (rev 21)<br />
00:15.1 Signal processing controller: Intel Corporation Device 9d61 (rev 21)<br />
00:16.0 Communication controller: Intel Corporation Device 9d3a (rev 21)<br />
00:17.0 SATA controller: Intel Corporation Device 9d03 (rev 21)<br />
00:1c.0 PCI bridge: Intel Corporation Device 9d10 (rev f1)<br />
00:1c.4 PCI bridge: Intel Corporation Device 9d14 (rev f1)<br />
00:1c.5 PCI bridge: Intel Corporation Device 9d15 (rev f1)<br />
00:1f.0 ISA bridge: Intel Corporation Device 9d48 (rev 21)<br />
00:1f.2 Memory controller: Intel Corporation Device 9d21 (rev 21)<br />
00:1f.3 Audio device: Intel Corporation Device 9d70 (rev 21)<br />
00:1f.4 SMBus: Intel Corporation Device 9d23 (rev 21)<br />
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)<br />
03:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32)<br />
}}<br />
<br />
== Configuration ==<br />
<br />
=== Booting Arch Linux from USB ===<br />
<br />
To disable Secure Boot, set the [https://acer.custhelp.com/app/answers/detail/a_id/29349/ supervisor password] in the BIOS settings. Then you should be able to boot Arch. <br />
<br />
If you set up your installation media (USB drive) via [[USB_flash_installation_media#Using_Rufus|Rufus]]{{Broken section link}} I had the most success by using ''GPT'' as partition table (in UEFI mode). <br />
<br />
=== Video ===<br />
Install the xf86-video-intel package as shown [[Intel_graphics#Installation|here]]<br />
<br />
=== Solid State Drive ===<br />
For tips visit [[SSD]].<br />
<br />
=== Touchpad ===<br />
Set the touchpad to basic in the BIOS to get it working. Then enable it by pressing ''FN + F7''.</div>Powersource