Full Disk Encryption and Home Directory Encryption


I was installing Ubuntu 10.10 using the 10.10 Alternate CD. I chose 'Guided - use entire disk setup encrypted LVM'. After specifying the passphrase to encrypt the full disk, the installer asked me whether I wanted to encrypt my home folder.

This is great! But it got me thinking: I always thought home folder encryption was a subset of full disk encryption. So why does the installer ask me to encrypt the home folder after I chose full disk encryption?


Posted 2010-10-21T11:22:54.303




This isn't exactly an answer but perhaps it will help:

"Full disk encryption" means encrypted partitions. I like to put /home/ in a separate partition to make re-installs easy, but I don't think that is something Ubuntu normally does, so that surprises me a bit. Perhaps it makes it a separate partition because you're using LVM.

One of the reasons to use full disk encryption instead of just encrypting a storage drive is that swap gets encrypted too: in case your decryption password gets saved there somehow, you wouldn't want anyone to be able to retrieve it.


Posted 2010-10-21T11:22:54.303


You can encrypt the swap partition as well. In fact the Debian installer automatically encrypts the swap partition if you encrypt any filesystem; I don't know if the Ubuntu installer does the same. Reasons not to encrypt the system partition include: not needing a separate /boot partition if your bootloader doesn't understand the encryption; possibility to boot in degraded mode without entering the password; performance. A reason to encrypt the system partition is it may contain a few sensitive files, such as the printing spool (but these can be symlinked to /home or made tmpfs). – Gilles 'SO- stop being evil' – 2010-10-21T21:16:22.883
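
A way to verify the point raised in the answer and comment above, that swap ends up encrypted, added here as an example that is not part of the original thread: it reports whether each active swap area has a dm-crypt layer somewhere beneath it. It assumes `lsblk` from a current util-linux; the function names and the sample device names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether each active swap area sits on a dm-crypt mapping.

# Print "device type" for every entry in /proc/swaps-format text on stdin.
swap_entries() {
    awk 'NR > 1 && NF >= 5 { print $1, $2 }'
}

# Read `lsblk -s -rno NAME,TYPE` output (the device followed by its ancestors)
# on stdin; succeed if any layer in the stack is a dm-crypt mapping.
has_crypt_layer() {
    awk '$2 == "crypt" { found = 1 } END { exit !found }'
}

# Classify one swap entry; the ancestor listing arrives on stdin.
classify_swap() {   # $1 = device, $2 = swap type from /proc/swaps
    if [ "$2" != "partition" ]; then
        echo "$1: swap file, check the device backing its filesystem"
    elif has_crypt_layer; then
        echo "$1: encrypted"
    else
        echo "$1: no dm-crypt layer"
    fi
}

# Live check: needs lsblk and read access to /proc/swaps.
check_live() {
    swap_entries < /proc/swaps | while read -r dev type; do
        lsblk -s -rno NAME,TYPE "$dev" 2>/dev/null | classify_swap "$dev" "$type"
    done
}

# Constructed sample: swap as an LVM volume inside an encrypted container,
# the kind of stack an "encrypted LVM" install produces.
sample_lvm_on_luks() {
    printf '%s\n' 'vg0-swap_1 lvm' 'sda5_crypt crypt' 'sda5 part' 'sda disk'
}

# Constructed sample: swap directly on a plain partition.
sample_plain() {
    printf '%s\n' 'sdb2 part' 'sdb disk'
}

if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run it with `--live` on the installed system; a swap area reported without a dm-crypt layer is one where paged-out memory reaches the disk unencrypted.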