Ubuntu – Full Disk Encryption + Home folder encryption needed? Wouldn’t Full Disk Encryption get the Home folder anyway

diskencryptionluks

I'm reinstalling Ubuntu, and want to do full disk encryption. After selecting it, I'm given a choice to also encrypt the Home folder.

Since Ubuntu doesn't use a separate partition for the Home folder (afaik), wouldn't full disk encryption already cover the Home folder? Does adding Home folder encryption add more security of some kind?

Best Answer

  • "It depends".

    Whole disk encryption will use LUKS and everything but /boot will be encrypted, including your data in /home.

    This prevents unauthorized access to the system from a cold boot. Once the system is fully booted, however, everything, including /home, is decrypted.

    Encrypting /home uses ecryptfs and your home directory will be encrypted when you are not logged in. This prevents root or other uses from accessing your data in /home. Your data, however, is decrypted as long as you are logged in.