On Sun 09 Aug 2015 20:40:15 NZST +1200, Helmut Walle wrote: > seriously. Obviously you can have the best of both by not encrypting > your system partition, while encrypting your home or user data > partition.)
Keep in mind that when the system partition becomes compromised (a reboot won't fix that) the encryption of your home and data partitions becomes moot, i.e. evaporates. Likewise with encrypting the system partition when there is an unencrypted /boot partition. I understand all that secureboot stuff is supposed to fix that, or at least if it was working as expected (not as programmed). Of course all that still doesn't help if the master key is held by an American company under NSA orders to give up that key any time when asked. It's pretty good protection if hardware is stolen while powered off. If you just close your laptop lid the only protection you have might be your screenlocker password, even if all partitions are encrypted. Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. _______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
