Hi,
I was installing Ubuntu 10.10 using 10.10 Alternate CD. I chose 'Guided - use entire disk setup encrypted LVM'. After Specifying the passphrase for to encrypt the full disk, the installer ask me whether I want to encrypt my home folder.
This is great ! But it got me thinking: I always thought the home folder encryption is a subset of the full disk encryption ? so why does the installer ask me to encrypt the home folder after I chose full disk encryption ?
Asked by zfranciscus on October 21, 2010.
This isn't exactly an answer but perhaps it will help:
"Full disk encryption" means encrypted partitions. I like to put /home/ in a seperate partition to make re-installs easy, but I don't think that is something Ubuntu normally does, so that surprises me a bit. Perhaps it makes it a separate partition because you're using LVM.
One of the reasons to use full disk encryption instead of just encrypting a storage drive is that swap gets encrypted too in case you decryption password gets saved there somehow, you wouldn't want anyone to be able to retrieve it.
Answered by Dan on October 21, 2010.
Content from Superuser of Stack Exchange. Original article at Superuser.
You can encrypt the swap partition as well. In fact the Debian installer automatically encrypts the swap partition if you encrypt any filesystem; I don't know if the Ubuntu installer does the same. Reasons not to encrypt the system partition include: not needing a separate `/boot` partition if your bootloader doesn't understand the encryption; possibility to boot in degraded mode without entering the password; performance. A reason to encrypt the system partition is it may contain a few sensitive files, such as the printing spool (but these can be symlinked to `/home` or made `tmpfs`). - Gilles on October 21, 2010