this post was submitted on 13 Jun 2023
5 points (100.0% liked)

Linux

48209 readers
1055 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I am planning on reinstalling to new drive(s) the next time my distro releases a new version and i am interested in drive encryption, so i was wondering

if i have root and home on two separate SSDs and they are encrypted with the same password, would i have to enter the password twice to boot? and would there be any other downsides of an encrypted two drive setup?

is there anything i should take into account when using or setting up drive encryption? any best practices for drive encryption that i should know?

thanks in advance

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (3 children)

This seems to be what you're looking for.

You pretty much just use a keyfile instead of a traditional password. Once your root drive is unlocked, your home directory can be automatically unlocked using a keyfile held somewhere in another drive.

[–] [email protected] 4 points 1 year ago (1 children)

Yes it's pretty easy with keyfile and /etc/crypttab.

One practical recommendation: As LUKS headers can hold several keys, also add a traditional passphrase in addition to the keyfile. With this it's far easier to decrypt the drive from commandline if you ever need to rescue the system from a USB.

[–] BluePhantom 1 points 1 year ago

thank you for letting me know this is possible to do

[–] [email protected] 2 points 1 year ago

Oh yeah i forgot about doing this, actually way easier than what i suggested

[–] BluePhantom 1 points 1 year ago

ok, ok, thanks for the resource and explanation, will look into it more later