root encryption vs just /home encryption?
Bruno Wolff III
bruno at wolff.to
Tue Mar 25 08:37:54 UTC 2008
On Mon, Mar 24, 2008 at 13:26:47 -0400,
Bill Nottingham <notting at redhat.com> wrote:
> Louis E Garcia II (louisg00 at bellsouth.net) said:
> > Why would you encrypt the whole disk? /home is where your data is the
> > rest is just a regular fedora installation? Is SWAP important to?
>
> Some people may do it because they have a laptop or similar single-disk
> system where it's not worth the effort to do a lot of custom partitioning.
One advantage to businesses of encrypting everything is you can avoid
having to do notifications if the laptop is stolen if you can establish
that the thief can't practically get to the data.
Since /boot isn't writeable by normal users you don't have to worry about
that, but /var/tmp, /tmp would be problems. At the level of these laws
I don't think swap and vulnerabilities that allow you to read memory
(and the disk keys) if you steal the machine with power on (including
suspend to memory) are relevant.
More information about the devel
mailing list