archinstall icon indicating copy to clipboard operation
archinstall copied to clipboard

Published 20 hours ago verified publisher icon archlinux

[Feature Request] Optional user based home encryption

Open frankm773 opened this issue 3 years ago • 3 comments

In addition to the option to full disk encryption, it would be great to have an easy way to setup home encryption with fscrypt as well.

This could help with both older hardware setup that become too slow with fde, as well as with multi user systems where home encryption could provide additional privacy.

frankm773 avatar May 29 '22 16:05 frankm773

This is technically already supported. If you create a separate home partition under ext4, and only select that one to be encrypted, i think you're good to go. Not tested tho!

Torxed avatar May 29 '22 17:05 Torxed

I agree with the solution that Torxed proposed, and in my opinion it's far cleaner and more secure than trying to use ecryptfs

dylanmtaylor avatar May 29 '22 17:05 dylanmtaylor

I agree with the solution that Torxed proposed, and in my opinion it's far cleaner and more secure than trying to use ecryptfs

ecryptfs was not suggested here. The proposed alternative solution to separate partions and luks would be fscrypt https://github.com/google/fscrypt

With fscrypt as an alternative, more use cases could be covered, especially when separate partitions are not feasible.

frankm773 avatar May 29 '22 19:05 frankm773