full-disk encryption WAS:Re:file system reommendations for SSD...]

[Matt Price]

On Thu, Dec 19, 2013 at 11:11 PM, Jamon Camisso
<jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
> On 19/12/13 11:02 PM, Matt Price wrote:
>
> I'd suggest encrypting everything except /boot as well since it's a
> laptop. You won't notice any slow downs. With enough RAM you can use
> tmpfs on /tmp as well.
>
> If you go this route, don't forget to encrypt your swap too. It's not
> hard, on my Debian laptop I just get two prompts when starting up, one
> for root and one for swap.

man, on ARCH this is a bit of a hassle for me.  I am struggling with a
couple of things:

- does the EFI system partiton get mounted at /boot or /boot/efi or
somewhere else?
- how do I generate a usable boot entry for gummiboot?  In particular,
how do I identify the base partiiton and the LUKS-encrypted volume by
UUID, or LABEL, or whatever, within that boot entry?
- is it possible to use a swapfile rather than a swap partition for
suspend-to-disk operations?  I would prefer that if possible but it
feels rather compliated.  suspend-to-disk is the only use I think I
really have for swap, I would actually rather avoid real swap if
possible

Also:  in your view what are the genuine, pratial benefits of
full-dsik encryption vs. user-diretory encryption? that's what I use
on Ubuntu and I've always thought it's sort o adequate, but have no
doubt I oculd be wrong.

Thanks,

Matt


>
> Cheers, Jamon
>
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists