disk encryption for Ubuntu 20 LTS

Volker Wysk post at volker-wysk.de
Fri May 21 11:40:18 UTC 2021


On Friday, 21.05.2021, at 12:39 +0200, Liam Proven wrote:
> On Fri, 21 May 2021 at 05:20, Eric Demer via ubuntu-users
> <ubuntu-users at lists.ubuntu.com> wrote:
> > I am now trying to set up encryption for it.
> 
> Suggestions:
> 
> [1] Don't. IMHO it's a massive pain in the backside and it reduces
> performance. I am a 30Y Unix veteran and 25Y on Linux. It took me 3
> days to get full-disk encryption working well and I'll never do it
> again.

Modern computers are fast enough. I don't have a noticeable performance
loss. And the Ubuntu installer can set it up for you. 

> [2] If you are determined not to listen to point #1, then install
> VirtualBox and get thoroughly used to installing Ubuntu on virtual
> machines before you try on a real computer.

This might be a good idea.

> First, install it with defaults.
> Second, nuke it, reinstall with a separate /home partition. Get used
> to doing this. Install 18.04 and upgrade it to 20.04. Get familiar
> with this stuff. Learn about disk sizes and what you'll need.
> Third, reinstall with LVM and a separate home partition. And again
> with separate /boot, /, /home and swap.
> 
> [3] If you *must* use encryption, consider just having /home encrypted
> and leave / and swap unencrypted. This minimizes the performance
> impact, makes installation and troubleshooting easier, and most
> importantly, makes data recovery in the event of a disaster *much*
> easier.

You need to encrypt swap, because you have passwords and other sensitive
information in memory, and when it gets swapped out, it'll be readable
unless the swap is encrypted.

I also prefer to encrypt the whole system, so nothing will leak out. For
instance when /tmp is used.

> [4] Make very sure you have a *very* good, solid, *TESTED* backup AND
> RECOVERY plan in place. 

The recovery plan can consist in reinstalling the system and restoring a
backup of the personal data. I agree that testing the backup is necessary.

> You want to have a minimum of THREE (3)
> offline backups on different media at all times. 

I have two. That's enough.

> If you use crypto
> without good backups, you are 100% going to lose all your data at some
> point.

No.

> I know a lot of the Linux nerds love encryption, but in my expert
> professional opinion it's a huge waste of time, effort and
> performance.

What happens if your laptop gets stolen?

Volker
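
The point about swap can be checked on a running system. The following is an added example, not part of the original message: it reads the active swap areas and reports whether each one sits on a dm-crypt mapping, directly or through LVM. The function names are hypothetical, and it assumes the Linux sysfs layout and the "CRYPT-" device-mapper UUID prefix that cryptsetup assigns.

```python
import os

def is_crypt_backed(dev, sysfs="/sys/class/block"):
    """True if kernel block device `dev` is a dm-crypt mapping, or is stacked
    entirely on dm-crypt mappings (e.g. an LVM volume inside a LUKS container)."""
    node = os.path.join(sysfs, dev)
    try:
        with open(os.path.join(node, "dm", "uuid")) as f:
            if f.read().startswith("CRYPT-"):  # assumption: cryptsetup's UUID prefix
                return True
    except OSError:
        pass  # not a device-mapper node, or no UUID set
    slaves_dir = os.path.join(node, "slaves")
    slaves = os.listdir(slaves_dir) if os.path.isdir(slaves_dir) else []
    # Conservative: every underlying device must be encrypted.
    return bool(slaves) and all(is_crypt_backed(s, sysfs) for s in slaves)

def swap_report(proc_swaps="/proc/swaps", sysfs="/sys/class/block"):
    """Map each active swap area to 'encrypted', 'PLAINTEXT' or 'swap file'."""
    report = {}
    with open(proc_swaps) as f:
        for line in f.readlines()[1:]:  # first line is the column header
            fields = line.split()
            if len(fields) < 2:
                continue
            path, kind = fields[0], fields[1]
            if kind != "partition":
                # A swap file is only as protected as the filesystem holding it.
                report[path] = "swap file"
                continue
            # /dev/mapper/<name> is a symlink to /dev/dm-N; sysfs uses dm-N.
            dev = os.path.basename(os.path.realpath(path))
            report[path] = "encrypted" if is_crypt_backed(dev, sysfs) else "PLAINTEXT"
    return report

if __name__ == "__main__":
    for path, state in swap_report().items():
        print(f"{state:10} {path}")
```

A result of "swap file" means the answer depends on whether the filesystem that holds the file is itself encrypted.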