Fedora includes functions to encrypt your storage. You may find this function useful if you have a laptop or if you worry about your disk storage falling out of your control. This disk encryption requires you to provide an additional passphrase at boot time or whenever you first access the disk storage.
You may choose to encrypt either all partitions, or only selected
ones. A typical use case includes encrypting partitions
containing /home
, /var
, and /tmp
, along with the swap partition.
There is usually no need to encrypt /usr
, since this directory usually
contains only system executables and libraries that have no
intrinsic privacy value. The /boot
partition is never encrypted
and should not be used for sensitive data.
Encrypted Storage Performance | |
---|---|
Storage encryption creates a slight performance decrease. You may wish to weigh this drawback against the benefits of security and privacy that encryption provides. |
To make the encryption effective, choose a good passphrase. You can find more information about good passphrases in Chapter 11, Set the Root Password.
The encryption provided uses the Linux Unified Key System (LUKS) for encryption. For more information on LUKS, refer to http://luks.endorphin.org/.