On 11 December 2017 at 21:19, Carlos E. R. <robin.listas@telefonica.net> wrote:
I don't think I want to encrypt the entire machine as my CPU is pretty basic (Pentium G2120) and I'm worried about performance. (Or is this a non-issue?)
Non issue :-)
Unless your workload is disk intensive.
I typically only encrypt /home or /data directories, not the system. However, programs may use temporary spaces, so you might consider full system encryption.
Well, /home might be a workable compromise. The system is sometimes swap-intensive, SSD is being installed specifically to speed things up, so I think encrupting swap would be self-defeating. But encryption might be ok for /home. Or else just an encrypted area for the project. Also I wonder if it might be possible to wipe swap at shutdown. The probability of the system being stolen while turned on is very small - it is a desktop. But if the home is broken into in my absence, it's a different story. Actually, if the machine does get stolen the probability of someone actually analysing swap is also small, but still I'd like to remove that chance if possible.
Ideally I want some sort of automount with a GUI prompt for password when I try to access the path. I could live with a manual mount command and password entry. provided I do not have to do it as root.
The system will prompt for password during boot, if the partition is mounted by default in fstab. Graphically if you use Plymouth (the default).
I do it noauto and mount manually. Actually, I wrote my own scripts.
And how do your scripts work? You added something to sudo's config so they can use sudo to mount manually? Manual mounting could be great for me but I want to avoid entering two passwords (root and LUKS). -- Yours, Mikhail Ramendik Unless explicitly stated, all opinions in my mail are my own and do not reflect the views of any organization -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org