+- PINE64 (https://forum.pine64.org)
+-- Forum: PineTab (https://forum.pine64.org/forumdisplay.php?fid=140)
+--- Forum: General Discussion on PineTab (https://forum.pine64.org/forumdisplay.php?fid=141)
+--- Thread: Is whole drive encryption possible? (/showthread.php?tid=18711)
Is whole drive encryption possible? - graeme - 09-17-2023
Is it possible to encrypt the entire drive? I am assuming that ecryptfs will work so I can encrypt my home directory, but would feel safer if I can encrypt everything to stop data leaking through /tmp etc.
Alternatively, any tips on how to ameliorate the risks with just /home/[me] encrypted? I thought of putting swap in zram (which i do on my desktop) anyway which solves one problem.
I have lost a tablet before... it is a risk that bothers me.
RE: Is whole drive encryption possible? - lllll - 09-23-2023
I didn't look into the implementation details and didn't try to break it, but.. Mobian is offering disk encryption when using the installer. I have to enter a password every time when the device is booting and it refuses to boot when I'm entering a wrong one. So, if you are fine with Debian/Mobian this might be a possible solution without having to put too much effort in it.
Code:
mobian@mobian:~$ mount | grep crypt
/dev/mapper/calamares_crypt on / type ext4 (rw,relatime)But since you are also talking about encrypted /tmp I'm not sure if this is good enough for you, I don't think Mobian itself doesn't offer protection at runtime.