On Thursday, October 5, 2017 12:03:02 AM EDT Olle Harstedt wrote: > Hi dfly! > > I've installed dfly and wish to encrypt my home folder. I discussed it > breifly on #dragonflybsd, and it seems like the best option is to > encrypt the whole disk *during* installation, not after. Are there any > other options?
Are you encrypting just /home, or the whole disk? It's been a long time since I've installed any OS. On zyxomma (my DragonFly box) I have a plaintext slice, which is /, /home, and most other filesystems, and a ciphertext slice, which is /crypt and /usr/obj, which I put as a PFS on /crypt because I was once compiling lots of stuff at once and /crypt is bigger. On my Linux laptop and mailserver, I do have /home encrypted, but /usr is plaintext. No matter how you set up disk encryption, /boot must be plaintext, because that's where the encryption code is stored. Pierre -- ve ka'a ro klaji la .romas. se jmaji
