On Wed, 14 Dec 2011, Roger Leigh wrote: [..]
The same argument applies to encryption. / and /usr both contain a selection of programs, libraries etc. If you're encrypting one, why would you not encrypt all of it?
Speed. On one of my relatively low-power portable systems, I have everything encrypted except /boot and /usr. /boot for obvious reasons; /usr because decryption is heavily CPU-bound, making encrypted /usr unworkably slow. Since encryption is for privacy reasons, I need encrypted / because of /etc. (And encrypted /home and /var of course.)
Indeed, this means that programs in /bin and libs in /lib are also encrypted. But this actually does _not_ slow things down: the Linux disk cache is sensibly caching the decrypted data, so often-used stuff from /bin and /lib happily remains in already-decrypted cache. The interesting stuff from /usr is generally too large and too seldom used to remain cached.
So I'd say "preferably not" move /bin and /lib to /usr; but I'd say "absolutely definitely not" move /usr/bin and /usr/lib to /.
(Well, in the latter case: unless you make sure that /bin and /lib are actually mountable separately. But that would really defeat the purpose.)
Best regards, Anne Bezemer