On Wed, 14 Dec 2011, Roger Leigh wrote:
[..]
> The same argument applies to encryption. / and /usr both contain a
> selection of programs, libraries etc. If you're encrypting one, why
> would you not encrypt all of it?

Speed.

On one of my relatively low-power portable systems, I have everything
encrypted except /boot and /usr. /boot for obvious reasons; /usr because
decryption is heavily CPU-bound, making encrypted /usr unworkably slow.

Since encryption is for privacy reasons, I need encrypted / because of
/etc. (And encrypted /home and /var of course.)

Indeed, this means that programs in /bin and libs in /lib are also
encrypted. But this actually does _not_ slow things down: the Linux disk
cache is sensibly caching the decrypted data, so often-used stuff from
/bin and /lib happily remains in already-decrypted cache. The interesting
stuff from /usr is generally too large and too seldom used to remain
cached.

So I'd say "preferably not" move /bin and /lib to /usr; but I'd say
"absolutely definitely not" move /usr/bin and /usr/lib to /.

(Well, in the latter case: unless you make sure that /bin and /lib are
actually mountable separately. But that would really defeat the purpose.)

Best regards,
Anne Bezemer