On 2024-06-14 22:40, Daniel Bauer wrote:
Am 14.06.24 um 21:57 schrieb Carlos E. R.:
On 2024-06-14 20:25, Daniel Bauer wrote:
Am 14.06.24 um 19:35 schrieb Carlos E. R.:
On 2024-06-14 15:57, Daniel Bauer wrote:
Here's the file...
Tks.
There is /boot partition #1, non encrypted. There is ESP, #3, non encrypted. There is partition #3, encrypted. Inside there is an LVM "whatever", that contains three "spaces", "/", "/home" (both ext4) and "swap".
Yes, the question is if those three "spaces" are fully encrypted because the "container" is, or not.
Yes.
Googling I didn't find a clear answer, but tending to yes :-)
Still, if somebody knows, I'd like to know, too...
I would say "yes, absolutely", but computers tend to surprise one, so... let's say 95% sure ;-)
I don't name the lvm parts because I'm not an lvm connoisseur, so personally I avoid using it.
I only use LVM because the installer proposes it for encrypted systems with only one passphrase entry. In (much) earlier versions of OS I used to encrypt each partition manually with LUKS and it always worked, but somewhen something changed. So now I use LVM, and I don't actually care :-)
There are currently two full machine encryption methods; I think both are supported by YaST. The traditional one, using an LVM, and a new one (since 15.4 or 15.3, I think) with separate encrypted partitions. With some manual steps to be done by the admin, like having care they use the same password, and adding a key file. I think there is a wiki page explaining the method (sorry, I must locate my notes somewhere). As installed by YaST, the second method makes you type twice the password (with the help of Plymouth). It can be adapted to single entry, but takes a bit of work. It is my preferred method. Apparently, not using the same password on each partition is something that people do, but surprised me. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)