Encrypting /home but not / leads to keyfile being written unencrypted to disk

archlinux / archinstall

Arch Linux installer - guided, templates etc.

GNU General Public License v3.0

6.37k stars 548 forks source link

Encrypting /home but not / leads to keyfile being written unencrypted to disk #1856

Open davidhaller opened 1 year ago

davidhaller commented 1 year ago

If you set an encryption passphrase, this passphrase is only used to encrypt the / partition while all other partitions are encrypted via keyfile, which is stored somewhere under /etc. This way you don't have to enter your passphrase multiple times for each partition beeing unlocked.

But if / is chosen to not be encrypted, archinstall still uses keyfiles to encrypt the other partitions, and doesn't use the passphrase at all, which is not was most users would want.

Torxed commented 1 year ago

Thank you for bringing this to our attention, this will be fixed!