Feature request/bug report: systemd-homed support?

[aral]

Not sure whether to open this under the display manager, desktop environment or here as if affects them all. Going for the last option as this is where it would start.

The problem

1. I install elementary OS with full disk encryption (and I feel safe)
2. I go to a cafe
3. I lock my computer (and I feel safe)
4. Someone takes my computer

What should happen

They should not be able to access my data.

(If I had a Mac, they wouldn’t be able to.)

In other words, “lock” should mean “lock”.

What actually happens

They get to access all my data because my drive is not encrypted.

Replace Step 3 with “I put my computer to sleep” for the same result.

Suggested implementation

The installer should default to using systemd-homed and creating a LUKS encrypted home partition that’s automatically locked when I “lock” my computer/suspend it.

(I realise this is a huge undertaking. I’m opening this issue here in hopes of at least starting a conversation if one wasn’t already ongoing elsewhere. Please feel free to point me to a better place for having this discussion and tracking it if there is one.)

[hanaral]

this seems to be somewhat related to this issue I opened so that late-locking would not be necessary - and therefore locking the device would, under all curcumstances, have the greeter be the topmost security layer.