12.4. Understanding Encryption

Fedora can encrypt your storage. You may find this useful if you have a laptop or if you worry about your disk storage falling out of your control. Disk encryption requires you to provide an additional passphrase at boot time or whenever you first access the disk storage.

You may choose to encrypt either all partitions, or only selected ones. A typical use case includes encrypting the partitions containing /home, /var, and /tmp, along with the swap partition. There is usually no need to encrypt /usr, since this directory normally contains only system executables and libraries that have no intrinsic privacy value. The /boot partition is never encrypted and should not be used for sensitive data.
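One way to check an installed system against the layout described above, as an added example that is not part of the original guide: it parses the output of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` and reports whether the filesystem backing each directory sits on a dm-crypt mapping. The embedded lsblk output is a constructed sample, and the function names are this example's own.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output (not from a real host).
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/"},
    {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "luks-home", "type": "crypt", "fstype": "ext4", "mountpoint": "/home"}]},
    {"name": "sda4", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "luks-swap", "type": "crypt", "fstype": "swap", "mountpoint": "[SWAP]"}]},
    {"name": "sda5", "type": "part", "fstype": "ext4", "mountpoint": "/var"}
  ]}
]}
"""

def mounts(nodes, under_crypt=False):
    """Yield (mountpoint, encrypted) for every mounted node in the lsblk tree."""
    for node in nodes:
        # A dm-crypt mapping has type "crypt"; its LUKS container has fstype "crypto_LUKS".
        enc = under_crypt or node.get("type") == "crypt" or node.get("fstype") == "crypto_LUKS"
        if node.get("mountpoint"):
            yield node["mountpoint"], enc
        yield from mounts(node.get("children") or [], enc)

def audit(lsblk_json, targets=("/home", "/var", "/tmp", "[SWAP]")):
    """Map each target to (backing mountpoint, encrypted?) or None if nothing backs it."""
    # Limitation: lsblk lists block devices only, so a tmpfs /tmp resolves to its parent mount.
    table = {}
    for mountpoint, enc in mounts(json.loads(lsblk_json)["blockdevices"]):
        table[mountpoint] = table.get(mountpoint, True) and enc  # all devices must be encrypted
    report = {}
    for target in targets:
        # A directory without its own partition lives on the nearest enclosing mount.
        candidates = [m for m in table
                      if target == m or target.startswith(m.rstrip("/") + "/")]
        backing = max(candidates, key=len, default=None)
        report[target] = (backing, table[backing]) if backing else None
    return report

if __name__ == "__main__":
    for target, result in audit(SAMPLE).items():
        print(target, result)
```

In the sample, /var has its own unencrypted partition and /tmp falls back to the unencrypted root filesystem, so both would be flagged against the typical layout.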

[Note] Encrypted Storage Performance

Storage encryption causes a slight decrease in performance. You may wish to weigh this drawback against the benefits of security and privacy that encryption provides.

To make the encryption effective, choose a good passphrase. You can find more information about good passphrases in Chapter 11, Set the Root Password.

The encryption provided uses the Linux Unified Key System (LUKS). For more information on LUKS, refer to http://luks.endorphin.org/.