I am installing Ubuntu 13 with full encryption but why am I given the option to also encrypt my home folder. Surely the home folder is covered under the system encryption? I'm confused.
Ubuntu – given the option to also encrypt the home folder after I’ve selected system encryption
encryptioninstallation
Related Question
- Ubuntu – How to encrypt files after skipping the option during installation
- Ubuntu – Why can I not deselect “encrypt the home folder”
- Ubuntu – Encrypt home directory / LVM encryption – Ubuntu Server 14.04 setup
- Ubuntu – Full Disk Encryption + Home folder encryption needed? Wouldn’t Full Disk Encryption get the Home folder anyway
- Ubuntu – Changing home folder encryption after changing user password
- Ubuntu – Encrypt the whole disk after installing 18.04
Best Answer
You are being offered 2 layers of Encryption.
The first is LUKS. With LUKS your entire installation (except /boot) will be encrypted, including your home directory.
The second is ecrptfs and is used to encrypt your home directory.
In general there is no need to use the two together, but, you could if for example you have multiple users and you wish to keep data encrypted between users or from root access.
When you use LUKS, when you boot, the data in your /home will be decrypted and as long as the system is running, the data can be read by root and other users.
https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access
If you so desire , you can restrict access to the data in your home directory by adjusting the permissions or by encrypting your home directory as well.
If you encrypt your home directory, your personal data will remain encrypted when the system boots and will only be decrypted when you log in.
HTH