| 1 |
Dear Dale, |
| 2 |
|
| 3 |
On Friday 5 June 2020, 11.37pm -0500, Dale wrote: |
| 4 |
|
| 5 |
> Is this a secure method or is there a more secure way? Is there any |
| 6 |
> known issues with using this? Anyone here use this method? Keep in |
| 7 |
> mind, LVM. BTFRS, SP?, may come later. |
| 8 |
|
| 9 |
Another thing to keep in mind: if you only encrypt your /home, it is |
| 10 |
possible that some data leak out of the encrypted volume. For example, |
| 11 |
if you use swap, then the decrypted contents of /home residing in RAM |
| 12 |
can be swapped out. If you want to protect yourself against that, you |
| 13 |
will need to encrypt the swap volume as well. The same could happen with |
| 14 |
temporary files, so /tmp and /var/tmp might also need special treatment. |
| 15 |
Aside from encrypting, tmpfs is another possibility here. |
| 16 |
This problem is similar, but slightly different, to that described |
| 17 |
by J. Roeleveld. Here I am talking about the contents of your files |
| 18 |
leaking, instead of the LUKS keys. |
| 19 |
If you are going to encrypt multiple filesystems, you can either |
| 20 |
make separate LUKS volumes for each of them (each LUKS volume being |
| 21 |
inside a partition or LVM volume, for example), or you can create one |
| 22 |
LUKS volume with several LVM volumes inside. |
| 23 |
|
| 24 |
Sincerely, |
| 25 |
|
| 26 |
Bas |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
Sebastiaan L. Zoutendijk | slzoutendijk@×××××.com |
Archives