I am installing Ubuntu 13 with full encryption but why am I given the option to also encrypt my home folder. Surely the home folder is covered under the system encryption? I'm confused.
You are being offered 2 layers of Encryption.
The first is LUKS. With LUKS your entire installation (except /boot) will be encrypted, including your home directory.
The second is ecrptfs and is used to encrypt your home directory.
In general there is no need to use the two together, but, you could if for example you have multiple users and you wish to keep data encrypted between users or from root access.
When you use LUKS, when you boot, the data in your /home will be decrypted and as long as the system is running, the data can be read by root and other users.
https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access
If you so desire , you can restrict access to the data in your home directory by adjusting the permissions or by encrypting your home directory as well.
If you encrypt your home directory, your personal data will remain encrypted when the system boots and will only be decrypted when you log in.
HTH
No comments:
Post a Comment