Menu path: Security > Device Encryption

Device encryption mode
Possible options:

  • "Keep": If the device is encrypted, it stays encrypted. If it is not encrypted, it will not get encrypted.
  • "Activate": The device will be encrypted when the user enters the password for the first time. The re-encryption may take about 10 to 60 seconds; the duration depends on the hardware performance and the size of the Custom Partition.
  • "Deactivate": The device will be re-encrypted back to the default device encryption on the next boot. The re-encryption may take about 10 to 60 seconds.

Change password: Only applicable if device encryption is enabled. The user can change the password for device encryption.

Authentication type
Possible options:

  • "PW": Password authentication. In this version of IGEL OS, this is the only available authentication type.

Security level
Possible options:

  • "Auto, constant-time": The password aggregation function that fits best with the defined Target time delay (ms) is selected.
  • "Auto, at least level": The security level will be at least as high as the value selected by Password aggregation function; if the Target time delay (ms) allows for a higher security level, the higher security level will be used.
  • "Manual": The Password aggregation function can be set manually, irrespective of the delay time specified by Target time delay (ms).

Target time delay (ms): Maximum time that should be consumed by the password aggregation function. This delay is effective when the user enters the device encryption password on boot or changes the device encryption password.

Password aggregation function: Security level of the encryption. 
Possible options:

  • "I: Argon2id, 8M/7 ops"
  • "II: Argon2id, 128M/3 ops"
  • "III: Argon2id, 256M/3 ops"
  • "IV: Argon2id, 512M/3 ops"
  • "V: Argon2id, 1024M/4 ops"
  • "VI: Argon2id, 128M/4 ops"

Minimum password length: Minimum number of characters the password must be composed of

Unwanted strings in password (comma separated): Comma-separated list of strings that must not be contained in the password

The password must contain: Defines whether all of the subsequent minimum requirements (minimum amount of lower case letters etc.) must be fulfilled, or 2, or 3 of them.

  • all
  • 2 of
  • 3 of

Minimum amount of lower case letters

Minimum amount of upper case letters

Minimum amount of numbers

Minimum amount of special characters

Special characters allowed: List of all non-alphanumerical characters that are allowed in the password, without separators