On Sun, Dec 21, 2008 at 07:47:15PM +0100, David Nielsen wrote:
I've been running using dm-crypt for a while now but it seems to me that when all I have is some photos and documents I don't want to fall into the wrong hands in case my machine is stolen, it's seems like overkill to encrypt everything. Additionally it's some what cumbersome to have to unlock the drive during boot. Another problem might be the performance hit of full disk encryption on these low powered netbooks being unacceptable making those a good target for a more lightweight solution?
Won't solve your unlocking problem, but why not have a separate encrypted /home partition? I've had separate /home partitions for years, not for encryption, just because that's the directory I really care about, so I want to be able to handle it specially anyway.
The other reason to _not_ encrypt the system directories is so that system files can be easily mmapped into memory. And after all, there is no secret in the system files.
Rich.