11-06-2019, 11:07 AM
(11-05-2019, 08:56 PM)Der Geist der Maschine Wrote: You answered what I was asking for but not what I meant
I was interested in the advantage of luks / over luks /home. I think that boils down to:
Quote:While you can keep all private data in your homedir, it's easy to leak outside that - /var/log, swap, /etc, /tmp, etc.
Swap can be trivially encrypted with luks as well. /tmp can be made a memory filesystem - that's not the default in our Debian, though. It's really not great exposing /var/log and /etc.
Yeah, so LUKS on home+swap is in between FDE and eCryptFS /home. However, on my PCs I generally use a Btrfs or ZFS root partition, with a subvolume for /home. This allows space to be shared freely between /, /home, and other volumes, unlike partitioning. So I have a small /boot, and everything else is in one partition (swap is a file on /). So FDE is simpler and more convenient, IMHO.
