I am planning on reinstalling to new drive(s) the next time my distro releases a new version and i am interested in drive encryption, so i was wondering
if i have root and home on two separate SSDs and they are encrypted with the same password, would i have to enter the password twice to boot? and would there be any other downsides of an encrypted two drive setup?
is there anything i should take into account when using or setting up drive encryption? any best practices for drive encryption that i should know?
thanks in advance
This seems to be what you’re looking for.
You pretty much just use a keyfile instead of a traditional password. Once your root drive is unlocked, your home directory can be automatically unlocked using a keyfile held somewhere in another drive.
Yes it’s pretty easy with keyfile and
/etc/crypttab
.One practical recommendation: As LUKS headers can hold several keys, also add a traditional passphrase in addition to the keyfile. With this it’s far easier to decrypt the drive from commandline if you ever need to rescue the system from a USB.
Oh yeah i forgot about doing this, actually way easier than what i suggested