0 sats \ 2 replies \ @anon 18 Jun \ on: Tutorial: Using systemd-homed to LUKS encrypt your home folder on Linux tutorials
Why would you do this vs just encrypting the whole drive? Most linux distributions let you do that, and it ensures that nothing is left unencrypted, like /tmp files and what not.
In general full disk encryption is more secure.
However, you will wind up with a logistical issue if you ever want to reboot that machine (or it reboots due to power failure) and you are not physically present to type in password at grub stage to unencrypt.
There are solutions to that (embedding ssh server in initrd, tang servers, etc) but one of the benefits of systemd-home + luks is that you get a system that can be rebooted remotely and boots normally - only home will stay safely encrypted until you connect and login.
reply