[plug] Disk/partition/fs encryption
Brad Campbell
brad at fnarfbargle.com
Mon Mar 30 11:04:33 AWST 2020
On 30/3/20 10:54 am, Steve Baker wrote:
> Hi All,
>
> I have Ubuntu Linux installed on my laptop, and I need to use some level
> of encryption on (some of) the contents of the storage.
>
> It's a dual-boot with Windows, I don't need the Windows partition
> encrypted. Currently the Linux installation uses a single partition, I
> can either encrypt that OR split off the contents of /home to a new
> partition and just encrypt that.
>
> Is it possible to just encrypt a single partition / filesystem like
> this? Or is it better to encrypt the whole disk? Is encrypting the whole
> disk compatible with Linux/Windows dual-boot? What is the recommended
> method/software/tools for this?
I do both. On my laptop, /home and swap is encrypted with LUKS. Root,
the Win7 and MacOS partitions are not.
On my desktop, /home is on a separate SSD which is OPAL encrypted and
SWAP is on a separate partition on that disk.
The reason swap is encrypted separately on the laptop is that gives me
encrypted hibernate.
Pretty much anything recent has AES-NI to accelerate the crypto and the
performance penalty isn't particularly high.
LUKS is pretty well integrated in most distributions these days.
--
An expert is a person who has found out by his own painful
experience all the mistakes that one can make in a very
narrow field. - Niels Bohr
More information about the plug
mailing list