Differences

This shows you the differences between two versions of the page.

--- software:encryption [2015/07/30 21:07]
cyril [When to mount]
+++ software:encryption [2015/07/30 21:39] (current)
cyril [Application data and system partition]
@@ Line 60: / Line 60: @@
 Sensitive/personal application data should be moved to an encrypted partition, you can use symbolic or hard links to make the redirection. This as the advantage of easier backup as well. It is also a good idea to encrypt your home directory, as it is difficult to spot all application data that contain personal data. It can be automatically mounted when you log in, with the same password.
-The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some advanced hackers could try to gain access to it, to prevent from installing spy programs on it (by booting on a live OS or extracting the hard drive). It is still possible to attack the necessarily unencrypted boot partition, but it is way more difficult.
+The next step is to encrypt your whole system partition. It is necessary if your data are very sensitive and you suspect some hackers could try to gain access to it, to prevent from installing spy programs on it (by booting on a live OS or extracting the hard drive). But then it is possible to attack the unencrypted boot partition, which is not really harder because of the needed initramfs, so you also need to encrypt it and have grub decrypt it. You should also verify the integrity of grub, the MBR, and the BIOS.
 Encrypting the whole system partition also encrypts the swap file if there is one. If you are using a swap partition you may want to encrypt it as well (a swap file on an encrypted partition).