Full disk encryption + encrypt home folder?

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
DaniD

Full disk encryption + encrypt home folder?

Post by DaniD »

Guys

I think something is not clear in the installation.

What happens if I chose full disk encryption and later also "encrypt home folder"?

If the disk is fully encrypted, surely also the home folder is encrypted. So what does clicking on the "encrypt home folder" do? Does it double-encrypt the home folder?

Thanks

-d
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Top
User avatar
xenopeek
Level 25
Level 25
Posts: 29615
Joined: Wed Jul 06, 2011 3:58 am

Re: Full disk encryption + encrypt home folder?

Post by xenopeek »

DaniD wrote:Does it double-encrypt the home folder?
Yes. You'll need the full disk encryption password to be able to boot Linux Mint, and you'll need to login with your password to your account to access your files. Full disk encryption is significantly faster than home folder encryption; using both will naturally be the slowest (you'll encrypt twice). If you add a hard disk that has hardware level encryption (Samsung's SSD 840/850 PRO for example), you can have three levels of encryption! Knock yourself out, but consider what you actually want it for.
Image
Top
DaniD

Re: Full disk encryption + encrypt home folder?

Post by DaniD »

xenopeek wrote:... using both will naturally be the slowest (you'll encrypt twice). ...
OK Thanks!

There is obviously a usability bug here. It's not clear at all what's going on. Most users will want to use either full disk encryption OR home folder encryption, not both.

It looks to me also that, when encryption is on, hibernate is not available. this is again something a user finds out only after the installation is complete.

-d
Top
User avatar
Derek_S
Level 6
Level 6
Posts: 1279
Joined: Sat Dec 28, 2013 5:36 pm
Location: Long Island, N.Y.

Re: Full disk encryption + encrypt home folder?

Post by Derek_S »

Hello DaniD - I have tried both options to install. 1.) LVM plus full disk encryption. 2.) Just encrypting the home folder.

The problem with #2 is this - swap is also encrypted as well as home. I have found that post-installation, for some reason, swap is not mounted during system boot. This definitely leads to problems with hibernation unless you fix things. And the answer does not lie in editing /etc/fstab and removing the comment (#) from the entry for swap. Leave that alone. The answer is to edit /etc/crypttab, remove the portion "UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" and replace it with the swap partition's blkid, for example "/dev/sda3". On reboot you will see that swap is mounted and hibernation is restored - provided you made the swap partition large enough in the first place.

Also note, I've recently converted to the first option, LVM plus full disk encryption. No issues at all with mounting at boot or hibernation.
"When you rise in the morning, give thanks for the light, for your life, for your strength. Give thanks for your food and for the joy of living. If you see no reason to give thanks, the fault lies in yourself." - Tecumseh
Top
blainester

Re: Full disk encryption + encrypt home folder?

Post by blainester »

I use full disk encryption on LM 17. The default setup makes an encrypted LUKS container containing an LVM group with / and swap partitions. I have no issues with suspending or hibernation.
Top
Locked

Return to “Installation & Boot”