byte.size...@simplelogin.com wrote: > There are always advantages of having FDE, including when a theft > occurs. While ofc FDE will not protect against theft, at least the > data on the drive(s) will be secure. > > If you're "hosting" other people's data, I think this there's even > more good reason to use encryption, whether that data is sensitive or > not. > > Personally, I use FDE for everything. It's only one step further than > an encrypted data partition, so I don't see why not. Here's an sample > single-disk (no RAID) layout: > > /dev/sda > ├─ /dev/sda1 : EFI System Partition > ├─ /dev/sda2 : /boot partition, not encrypted > └─ /dev/sda3 : LUKS crypt container > └─ hello_lvm - LVM Physical Volume and "hello_lvm" Volume Group > ├─ hello_lvm/root : LVM volume, OS / partition > └─ hello_lvm/home : LVM volume, /home partition > > LVM-over-LUKS gives you the flexibility to still "partition" your > drive as you wish while having everything encrypted and you can have a > single key open everything. Though, of course, you might want to put > the OS root on its own separate partition and encrypt that with a > separate LUKS container with its own protection, meaning you will need > to unlock both at boot. > > I hear GRUB these days supports LUKS so maybe an encrypted /boot is > possible too, but I've never tried it myself. I might be wrong. > <<< SNIP >>> > > Hope this helps. I'm sure there's other ways too. > > [1] https://github.com/gsauthof/dracut-sshd
Do you have a link, or several links, on how to set that up? I'd like to read it and may even play with it on one of my old rigs, then maybe on my main rig at some point. OP sure is getting a lot of options. :-D Dale :-) :-)
