Slint in an encrypted drive.

In Auto mode the installer proposes to encrypt the drive where it installs Slint, if you decide to dedicate this drive to Slint. If you accept, at each boot the GRUB boot loader will ask you for the passphrase that you typed during installation to unlock the drive, before displaying the boot menu. Be aware that unlocking the drive will take a few seconds (around ten seconds).

During installation the Slint system partition will be encrypted, and also the additional partition that you may request.

Having an encrypted drive prevents theft of the data it contains in case of loss or theft of the machine, or of a removable drive. But this won't protect you if the computer stays running and unattended, only if the machine has been switched off completely!

If it has been encrypted, the Slint system (or root) partition will be named /dev/mapper/cryptroot once opened. This is shown by this command:

    lsblk -lpo name,fstype,mountpoint | grep /$

which gives an output like:

    /dev/mapper/cryptroot ext4 /

This command instead:

    lsblk -lpo name,fstype,mountpoint | grep /dev/sda3

gives:

    /dev/sda3 crypto_LUKS

/dev/sda3 is now a "raw" partition that includes the so-called "LUKS header", which you will never need to access directly and never should. It hosts all that is needed to encrypt or decrypt the partition /dev/mapper/cryptroot, which actually hosts your data (in this example the Slint system).

WARNINGS

If you forget the passphrase, all data in the drive will be irrecoverably lost! So write down or record this passphrase and put the record in a safe place as soon as done.

Drives die. If that happens and the drive is encrypted, your data will be lost. So regularly backing up your important data is not optional.

Don't resize a partition of an encrypted drive, as after that it would be definitively locked and all the data it contains will be lost! If you really need more space, you will need to back up all the files that you want to keep, then install anew and restore the backed up files.

Choose a strong passphrase, so that discovering it would take a thief too long to be worthwhile.

Never ever fiddle with the so-called "LUKS header" located on the raw partition (the third one, e.g. /dev/sda3 for the raw partition on top of the Slint system partition). Practically: don't create a file system in this partition, don't make it part of a RAID array and generally don't write to it: all data would be irrecoverably lost!

To avoid weak passphrases the installer requires that the passphrase include:

1) At least 8 characters.

2) Only non-accented lower case and capital letters, digits from 0 to 9, space and the following punctuation characters:

    ' ! " # $ % & ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

   This guarantees that even a new keyboard will have all characters needed to type the passphrase.

3) At least one digit, one lower case letter, one capital letter and one punctuation character.

GRUB assumes that the "us" keyboard is in use when you type the passphrase. For this reason, if during installation you use another keyboard map, the installer will set the keyboard map to "us" before asking for the passphrase, and restore the previously used one after having recorded it. In this case the installer will also spell each typed character of the passphrase, as it may differ from the one written on the key.

The application cryptsetup is used to encrypt the drive. To know more, type after installation:

    man cryptsetup

and to know even more read: https://gitlab.com/cryptsetup/cryptsetup/-/wikis/FrequentlyAskedQuestions
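
The three passphrase rules listed above, written as a shell check. This is an added example, not the Slint installer's own code; the function name check_passphrase and the sample passphrases are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: the installer's passphrase rules as a shell check.
# check_passphrase is a hypothetical name, not taken from the Slint installer.
# Prints the reason and returns 1 on rejection; prints "ok" and returns 0.
check_passphrase() (
    # Subshell body: the locale change below does not leak to the caller.
    # In the C locale, ranges such as a-z match plain ASCII bytes only,
    # so accented letters can never slip through as "lower case letters".
    LC_ALL=C; export LC_ALL
    pass=$1

    # Rule 2: only letters, digits, space and the listed punctuation.
    # Together these are exactly the ASCII range from space to tilde.
    case $pass in
        *[!\ -~]*) echo "illegal character"; exit 1 ;;
    esac

    # Rule 1: at least 8 characters (one byte each, as rule 2 passed).
    if [ "${#pass}" -lt 8 ]; then echo "too short"; exit 1; fi

    # Rule 3: one digit, one lower case letter, one capital letter.
    case $pass in *[0-9]*) ;; *) echo "no digit"; exit 1 ;; esac
    case $pass in *[a-z]*) ;; *) echo "no lower case letter"; exit 1 ;; esac
    case $pass in *[A-Z]*) ;; *) echo "no capital letter"; exit 1 ;; esac
    # Rule 3, punctuation: after rule 2, any character that is not a
    # letter, a digit or a space must be one of the listed punctuation marks.
    case $pass in
        *[!a-zA-Z0-9\ ]*) ;;
        *) echo "no punctuation character"; exit 1 ;;
    esac

    echo "ok"
)

# Constructed sample passphrases, for demonstration only.
for p in 'Correct-Horse7' 'Ab1!' 'Abcdefg 12' 'Pässword1!'; do
    printf '%-16s %s\n' "$p" "$(check_passphrase "$p")"
done
```

A space is allowed by rule 2 but does not count as punctuation for rule 3, which is why the third sample is rejected.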