Why should we encrypt the system partition and not only /home? [closed]
I am currently installing a Debian distro on a new desktop computer and I am looking for pros/cons arguments for two ways of making the partition table (in terms of performance and security). My new computer has 16GB of RAM and a 500GB SSD (this should be enough for the specs).

First, I have a requirement, which is to encrypt the working files. So, my first choice would have been:

#1 800 MB EFI
#2 300 MB ext4 /boot
#3 ..all.. crypto (sda3_crypt)
LVM Encrypted (sda3_crypt)
  #1 10 GB swap
  #2 80 GB ext4 /
  #3 ...all.. ext4 /home

We need to encrypt the swap in order to be sure not to leak any cryptographic data if we happen to use it. In fact, this is enforced now by the Debian installer.

But then I assumed that the system itself may be left unencrypted (I am not very happy with encryption everywhere, even on my desk...). After all, only /home is interesting.

So, the other alternative (my favorite one for now) is to leave the system unencrypted (only /home is). I guess it might add some security issues, but I could not see any yet, and I guess that will improve the efficiency. This second way of doing it should look like this:

#1 800 MB EFI
#2 80 GB ext4 /
#3 ..all.. crypto (sda3_crypt)
LVM Encrypted (sda3_crypt)
  #1 10 GB swap
  #2 ...all.. ext4 /home

So, did I miss something in terms of security? Knowing that the adversary model is supposed to be the 'evil maid' that may be able to physically access the machine and possibly steal it while it is still switched on.

What kind of security breaches am I exposed to if I consider the second way?

Finally, I will make sure that I have set up /tmp mounted through tmpfs in RAM, to prevent any critical write on the unencrypted part of the system.

Tags: partition system-installation lvm disk-encryption
closed as primarily opinion-based by jasonwryan, DopeGhoti, andcoz, Isaac, Timothy Martin Feb 9 at 17:52
Many good questions generate some degree of opinion based on expert experience, but answers to this question will tend to be almost entirely based on opinions, rather than facts, references, or specific expertise. If this question can be reworded to fit the rules in the help center, please edit the question.
Comment: I reworked the question a bit... As usual, I discovered the real question I was looking for after reading the answer... Sorry for that. (perror, Feb 8 at 17:54)
asked Feb 8 at 16:47 by perror, edited Feb 8 at 17:48
1 Answer (score 4, accepted)
Your first approach appears to encrypt everything except /boot; your second approach encrypts only swap and /home.

I suggest encrypting everything. I believe Debian can handle even /boot being encrypted nowadays (with grub prompting for a passphrase).

There are a few big advantages to encrypting everything:

Security. It's far too easy for data to accidentally leak outside of /home. You thought of /tmp; there is also /var/tmp. And, depending on the programs you use, each has its own spot in /var, e.g. you put some data in MySQL, and oops, that was /var/lib/mysql. Did you also remember mail in /var/mail and /var/spool/exim? Or the print spool in /var/spool/cups (if you use CUPS; elsewhere with other print systems)? Or /var/log, which can easily come to contain sensitive data. Encrypt everything and this can't happen.

Flexibility. Splitting it forces you to pick how much space to allocate to / vs. /home. If you get that wrong, with that setup, changing it will be difficult. With everything inside LVM, it's much easier to change (and with one filesystem, you aren't even forced to decide on a split).

Downside. An encrypted system is a tad bit slower, but I doubt it'll be noticeable on a PC made in the last, say, decade.

BTW: For your evil maid attacks, you need to make sure the machine is always locked when you're not there, and do things to lock down the boot sequence (e.g. firmware/BIOS password and grub password), physical tamper indicators on the case, somehow prevent hardware key loggers from being added (or keyboards being replaced), etc. That is a hard scenario to secure against.
Comment: Damn, I under-estimated the number of logs outside /tmp... Thanks for your insight! (perror, Feb 8 at 17:26)

Comment: For example, I would bet you can find your password within a month's worth of /var/log/*. (daniel Azuelos, Feb 8 at 19:01)
answered Feb 8 at 17:21 by derobert, edited Feb 8 at 18:01
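The answer's main security point is that sensitive data ends up in /tmp, /var/tmp, /var/log, /var/lib, /var/mail and /var/spool, not only in /home, so with the second layout those directories sit on plain disk. The script below is an added example, not code from the question, the answer or Debian: it walks each of those paths to the mount that holds it, follows the block device chain up to the physical disk with lsblk, and reports whether the path is on a dm-crypt mapping, on a RAM-backed tmpfs, or on unencrypted storage; active swap areas are checked the same way. It assumes util-linux findmnt and lsblk and a readable /proc/swaps; the list of paths is constructed from the discussion above and should be extended for the services you actually run.

```shell
#!/bin/sh
# Added example (not from the question or answer): audit which of the
# directories named in the discussion live on dm-crypt-backed storage,
# on a RAM-backed tmpfs, or on plain (unencrypted) disk.
# Assumes util-linux findmnt and lsblk (standard on Debian) and /proc/swaps.

# Constructed from the thread; extend for the services you run.
SENSITIVE_PATHS="/home /tmp /var/tmp /var/log /var/mail /var/spool /var/lib"

# classify_chain TYPES
#   TYPES is the space-separated lsblk TYPE chain of a device and all its
#   parents, e.g. "lvm crypt part disk". Prints "encrypted" if any layer is
#   a dm-crypt mapping, otherwise "plain".
classify_chain() {
    for layer in $1; do
        if [ "$layer" = "crypt" ]; then
            echo encrypted
            return 0
        fi
    done
    echo plain
}

# classify_fs FSTYPE TYPES
#   tmpfs/ramfs never reach the disk, so they are safe regardless of chain;
#   everything else is judged by its block-device chain.
classify_fs() {
    case "$1" in
        tmpfs|ramfs) echo ram-backed ;;
        *)           classify_chain "$2" ;;
    esac
}

# device_chain DEVICE
#   Walk from DEVICE up to the physical disk (lsblk -s is the inverse tree)
#   and print the TYPE of every layer on one line.
device_chain() {
    lsblk -sno TYPE "$1" 2>/dev/null | tr '\n' ' '
}

# audit_path PATH
#   Print "PATH STATUS SOURCE" for the mount that holds PATH.
audit_path() {
    src=$(findmnt -no SOURCE --target "$1") || return 1
    fstype=$(findmnt -no FSTYPE --target "$1")
    src=${src%%\[*}            # strip the "[/subdir]" suffix of bind mounts
    case "$src" in
        /dev/*) chain=$(device_chain "$src") ;;
        *)      chain="" ;;    # tmpfs, nfs, ... have no block device
    esac
    printf '%-14s %-10s %s\n' "$1" "$(classify_fs "$fstype" "$chain")" "$src"
}

# audit_swap
#   Swap partitions are checked by device chain; a swap file is reported
#   under the filesystem that holds it.
audit_swap() {
    [ -r /proc/swaps ] || return 0
    tail -n +2 /proc/swaps | while read -r dev kind _; do
        case "$kind" in
            partition) printf '%-14s %-10s %s\n' "swap" \
                           "$(classify_chain "$(device_chain "$dev")")" "$dev" ;;
            file)      audit_path "$dev" ;;
        esac
    done
}

main() {
    if ! command -v findmnt >/dev/null 2>&1 || ! command -v lsblk >/dev/null 2>&1; then
        echo "findmnt and lsblk (util-linux) are required" >&2
        return 0
    fi
    for p in $SENSITIVE_PATHS; do
        audit_path "$p" || printf '%-14s %-10s\n' "$p" "not-mounted"
    done
    audit_swap
}

main
```

With the question's second layout this prints "plain" for /var/log, /var/lib, /var/mail and /var/spool (all on the unencrypted root filesystem), "ram-backed" for the tmpfs /tmp, and "encrypted" only for /home and the swap volume; with the first layout every row except a tmpfs /tmp reads "encrypted". Any "plain" row is a location where the data the answer lists would be readable straight off the drive.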