Re: Advice on encrypted filesystem
On Wednesday, June 24, 2020 10:20:55 PM David Wright wrote:
> On Wed 24 Jun 2020 at 21:28:38 (-0400), rhkramer@gmail.com wrote:
> > On my Wheezy system, I used cryptsetup to set up a LUKs encrypted file
> > system on a dedicated partition
>
> What were the contents of this partition: the OS itself, or /home,
> or an independent filesystem that you'd probably mount under /media?
an independent filesystem mounted as a top level directory
> Same this time around?
yes
> > (actually, two filesystems).
>
> Do you mean you did this twice, or what?
Hm, I can elaborate a little: I have one filesystem / partition for my very
sensitive private data, and a second to back that stuff up.
(I have some scripts to allow me to easily open (and close) those filesystems
-- when they open, the unencrypted content is put on a ramdisk (with the
intent if somebody gets physical possession of the device (which is a desktop,
not a laptop), the enencrypted data disappears on power off.)
>
> Laptops?
Well, the Buster system is a laptop, Jessie is a desktop. I don't plan to put
much, if any, sensitive data on the laptop. (I don't really even intend to
take the laptop out of the house, especially during this Covid thing -- I
installed Buster on it because I needed GCC 7+ and couldn't (easily) do that
on the Wheezy or Jessie systems.
> Do you use suspend?
No.
> Desktops?
See above.
> Do you boot them remotely?
No, but they do stay up 24/7 unless there is a (longer that 2 minute (power is
UPS supported)) power outage, or a (very rare) reboot.
Reply to: