Torxed
commented
2 years ago This is technically already supported. If you create a separate home partition under ext4, and only select that one to be encrypted, i think you're good to go. Not tested tho!
Open frankm773 opened 2 years ago
Torxed
commented
2 years ago This is technically already supported. If you create a separate home partition under ext4, and only select that one to be encrypted, i think you're good to go. Not tested tho!
dylanmtaylor
commented
2 years ago I agree with the solution that Torxed proposed, and in my opinion it's far cleaner and more secure than trying to use ecryptfs
frankm773
commented
2 years ago I agree with the solution that Torxed proposed, and in my opinion it's far cleaner and more secure than trying to use ecryptfs
ecryptfs was not suggested here. The proposed alternative solution to separate partions and luks would be fscrypt https://github.com/google/fscrypt
With fscrypt as an alternative, more use cases could be covered, especially when separate partitions are not feasible.
In addition to the option to full disk encryption, it would be great to have an easy way to setup home encryption with fscrypt as well.
This could help with both older hardware setup that become too slow with fde, as well as with multi user systems where home encryption could provide additional privacy.