[plug] Disk/partition/fs encryption

Brad Campbell brad at fnarfbargle.com
Mon Mar 30 11:04:33 AWST 2020


On 30/3/20 10:54 am, Steve Baker wrote:
> Hi All,
> 
> I have Ubuntu Linux installed on my laptop, and I need to use some level 
> of encryption on (some of) the contents of the storage.
> 
> It's a dual-boot with Windows, I don't need the Windows partition 
> encrypted. Currently the Linux installation uses a single partition, I 
> can either encrypt that OR split off the contents of /home to a new 
> partition and just encrypt that.
> 
> Is it possible to just encrypt a single partition / filesystem like 
> this? Or is it better to encrypt the whole disk? Is encrypting the whole 
> disk compatible with Linux/Windows dual-boot?  What is the recommended 
> method/software/tools for this?

I do both. On my laptop, /home and swap is encrypted with LUKS. Root, 
the Win7 and MacOS partitions are not.

On my desktop, /home is on a separate SSD which is OPAL encrypted and 
SWAP is on a separate partition on that disk.

The reason swap is encrypted separately on the laptop is that gives me 
encrypted hibernate.

Pretty much anything recent has AES-NI to accelerate the crypto and the 
performance penalty isn't particularly high.

LUKS is pretty well integrated in most distributions these days.

-- 
An expert is a person who has found out by his own painful
experience all the mistakes that one can make in a very
narrow field. - Niels Bohr


More information about the plug mailing list