Binary file added public/assets/readymade/confirm.png
Binary file added public/assets/readymade/devices.png
Binary file added public/assets/readymade/encrypt-password.png
Binary file added public/assets/readymade/install-custom.png
Binary file added public/assets/readymade/install-or-try.png
Binary file added public/assets/readymade/install-type-encrypt.png
Binary file added public/assets/readymade/install-type.png
Binary file added public/assets/readymade/installing.png
Binary file added public/assets/readymade/language.png
103 changes: 100 additions & 3 deletions src/content/docs/en/setup/installation.mdx
Expand Up @@ -5,6 +5,10 @@ description: "A guide on how to install Ultramarine Linux"

import Alert from "../../../../components/Docs/Alert.astro";

If you are using an Anaconda image, proceed with the instructions below. If you are using a Readymade Preview image, go [here](#readymade). If installing to a Chromebook, go [here](/en/chromebook/installing).

# Anaconda

After booting into the live system, you will see a dialog box asking you whether to start the installer or continue with the live system.

![The Welcome Dialog box](/assets/welcome-window.png)
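
Review bot: The added intro line uses "here" as the link text for both the Readymade and the Chromebook link, which tells a reader skimming the page (or using a screen reader) nothing about the target; name the destinations instead, for example "see the [Readymade section](#readymade)". The `#readymade` anchor also depends on the slug generated from the `# Readymade` heading added further down in this file, so the two need to stay in sync if that heading is ever renamed.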
Expand Down Expand Up @@ -49,7 +53,7 @@ By default, the time is set from your IP address geolocation. If you're using a

This is where you select where you want Ultramarine to be installed, you can have the installer automatically partition your disk, or, select a custom layout.

By default, Ultramarine uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) on standard computers.
By default, Ultramarine uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) on standard computers. We default to ext4 on Chromebooks as Btrfs may shorten the life of the EMMC found in most Chromebooks.

<Alert type="info">
We recommend encrypting your disk for added security. Simply select the
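
Review bot: The sentence added to the Btrfs line states that Btrfs "may shorten the life of the EMMC" with no source or qualification; link to the reasoning or to the Chromebook page so readers can judge the claim, and write the storage type as "eMMC". Because the encryption recommendation follows directly below, it would also help to say whether that recommendation applies equally to the ext4 default on Chromebooks.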
Expand Down Expand Up @@ -99,8 +103,6 @@ If you type in an insecure password, you must press the `Done` button twice to c

</Alert>

---

After completing your system configuration, press the `Begin Installation` button to continue. The installation process will start and may take a few minutes.

<Alert type="danger">
Expand All @@ -113,6 +115,101 @@ After the installation process is complete, Anaconda will prompt you to reboot y

Welcome to Ultramarine Linux!

---

# Readymade

After booting into the live system, you will see an icon on the desktop labeled "install to Computer." Open this to launch the Readymade installer, or continue with the live system.

## Language Selection

![The Language Selection Screen](/assets/readymade/language.png)

Before we get started, select your preferred language.

## Welcome Screen

![The Welcome Dialog box](/assets/readymade/install-or-try.png)

From here you can select `Try` to continue using the live system, or `Install` to proceed with installation.

## Install Destination

![Destination Selection](/assets/readymade/devices.png)

On the Destination page, select the device you would like to install to. Make sure you select the correct device, since after installation the data on the selected device will be wiped.

## Installation Type

![Installation type](/assets/readymade/install-type.png)

From here, you have the option to install to the entire disk, or customize your install.

You also have the option to encrypt your disk, and enable TPM encryption. When you encrypt your disk, you will be prompted to enter a password used for encryption. Note that this is in no way tied to your Ultramarine user password.

For more information on how encryption works, refer [here](#encryption).

## Custom Installation

![custom](/assets/readymade/install-custom-mountpoint.png)

In this mode, you can manually configure the layout of the disk.

On UEFI-based systems, you need a partition mounted as `/boot/EFI` and another mounted as `/`.

On BIOS-based systems, you need a `BIOSBoot` partition, a partition mounted as `/boot` and another mounted as `/`.

# Confirmation

![Confirmation](/assets/readymade/confirm.png)

Now, you are ready to install. Select `Install` to begin. You will then be taken to the page below, with links to out wiki, chats, and contribution information that will open in the live environment during the install.

## Installing

![Installing](/assets/readymade/installing.png)

<Alert type="danger">
This process is **IRREVERSIBLE**. If you manage to stop the installer before
it finishes, you will end up with a broken system. <br /> To fix this, you
will have to reinstall Ultramarine Linux or your preferred operating system.
</Alert>

After the installation process is complete, Readymade will prompt you to reboot your device, simply reboot and enjoy!

Welcome to Ultramarine Linux!

---

# Encryption

FDE (full-disk encryption) is a method in which all data on a disk is made unreadable (encrypted), and can be decrypted with a matching authentication key. This authentication key can be unlocked using a password, hardware security key, TPM, biometrics, etc. This means that if the drive was removed and placed into another computer, the data would still be unreadable without one of these unlock methods.

BitLocker is common on Windows systems, FileVault is common on macOS systems, and LUKS is common on Linux systems. When using enabling disk encryption when installing Ultramarine Linux, you are using LUKS.

## LUKS Full-Disk Encryption

LUKS (Linux Unified Key Setup), specifically LUKS2, is the standard disk encryption method on many Linux systems.

LUKS uses a multi-layered encryption approach, meaning that when you use LUKS encryption, you enter a passphrase that is then used to unlock the master key, which is stored in the LUKS partition header. This master key is then used to unlock the partition's encrypted data. You will loose access to your data if the header is overwritten, or the password is forgotten.

### TPM backed LUKS Full-Disk Encryption

What a TPM is and how it works is beyond the scope for this wiki, refer [here](https://en.wikipedia.org/wiki/Trusted_Platform_Module) for more information regarding TPMs.

TPM encryption can be enabled in Readymade by selecting `Enable TPM` after selecting `Enable disk encryption`. Please note a TPM 2.0 is required for using TPM backed FDE in Readymade.

TPM backed full-disk encryption replaces your LUKS password entry step by storing the decryption key (to the master key stored in the LUKS partition header) in the TPM instead. Here are some reasons this could be useful to you:

- The TPM can detect malicious system changes, helping to prevent [evil maid attacks](https://en.wikipedia.org/wiki/Evil_maid_attack), among other vulnerabilities.
- TPM backed FDE is also useful in preventing LUKS passphrase brute-forcing in the case of drive theft, as the only way to decrypt the master key is using the TPM associated with the drive (and it is much, much more difficult to crack the mastery key).
- When using a TPM, you are also safe from keylogging and memory extraction attacks.

There can also be drawbacks to using TPM as well. Here are some reasons this could not be useful to you:

- TPM/motherboard failure can prevent data recovery. If this is a concern, we reccomend creating a backup key.
- If an entire computer is stolen, the encryption will still auto-decrypt itself, leaving a system with essentailly user passphrase security only, which can be bypassed and broken.

#### [Next Up: Post-Installation →](/en/setup/postinstall)

#### [← Back To: BIOS Keys](/en/setup/bioskeys)
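
Review bot: The third benefit bullet under "TPM backed LUKS Full-Disk Encryption" ("When using a TPM, you are also safe from keylogging and memory extraction attacks") claims more than TPM unlock provides and conflicts with the drawback listed just below it, that a stolen computer auto-decrypts: once the volume is unlocked the key sits in RAM whether it came from a passphrase or from the TPM. Suggest narrowing the bullet to the fact that no LUKS passphrase is typed at boot, so there is none to capture, and dropping the memory extraction claim. The first drawback bullet recommends "creating a backup key" but the page gives no steps or link for doing so; since a TPM or motherboard failure otherwise means losing the data, point to the procedure. Smaller points in the same hunk: the Custom Installation image references `/assets/readymade/install-custom-mountpoint.png`, while the file list in this view shows `install-custom.png` being added, so confirm the path resolves; mount points are case-sensitive, so confirm `/boot/EFI` is written exactly as the installer expects; `# Confirmation` is a top-level heading although it sits among the `##` steps of the Readymade section; and there are typos to fix ("out wiki", "When using enabling", "loose access", "mastery key", "reccomend", "essentailly").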