this post was submitted on 05 Sep 2024
19 points (95.2% liked)
Linux
5371 readers
33 users here now
A community for everything relating to the linux operating system
Also check out !linux_memes@programming.dev
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, very. I've seen people do a similar thing with a separate encrypted home partition which is decrypted by a key stored in your encrypted root. However, I'd strongly recommend you use an LVM on LUKS setup (this is what I do). That way you decrypt one partition and you don't have to mess around with keyfiles. https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
Do you happen to have a link to this?
Looking at the wiki it seems doable (in relation to revising my script) and as far as I can tell the tradeoffs seems better than #LUKS on a partition
much appreciated for the recommendation!
There is a difference here.
Unlocking home later in the boot process is not a problem, so the you can indeed have a keyfile on your root and get your home unlocked and mounted after root is done.
Swap however needs to be available early, at least if you want to use it for hibernation.