After forgetting to FDE during the setup, and gave up to setup it a 2nd time with FDE, I was wondering how to do it after installation has been done.
I checked around but it seems to be very difficult to have FDE after the installation. Encrypting just a Home directory seems possible. But not the whole drive.
It is possible. Removing it later is also possible.
It's also a complicated Nightmare to attempt - and risky.
So the short of it is: You are best off to do encryption at installation.
I agree. It is possible , but it can be really messy if you are not fully familiar with Linux and commands.
I did that while ago, but result was clean install again, lol
Is the entire disk encryption necessary if one can encrypt home directory?
You can encrypt only home folder , but I don't see a point in that .
Some programs will write things on
/tmp , log files are going to
/var/log , swap will contain sensitive data. Those directories are outside of your home, and will not be protected.
Also passwords can be stored outside home folder, so it is risky
So full disk encryption or nothing
Thanks for the explanation. It makes a lot of seances.
Since I never take my computers out of home I have never bothered with encryption. As for on premise security - only hacker around here is me
Same for my laptop.
Most of my things are on my separate hard drive, GDrive and my phone.
So no need for encryption
Exactly, I do not recommend full disk encryption because it is way overkill. Unless you work for the CIA or CocaCola, it's not worth the hassle.
Funny, now you mention it.
In fact, I once was working at Coca-Cola [we were told never to drop this hyphen] Japan. Office computers were running Windows 3.1. Now you know how long time ago it was.
NGO, journalism, activism and travel to countries that doesn’t respect all the human right could be good reasons as well.
I will follow your advices. I will restart FDE from scratch.
Thank you for your help!
Note for those who will face similar issue:
It worked well for me. My adapter save me a lot of time and allow me to plug a security key (previously setup - password based on US keyboard) to register my FDE password during the setup. Perfect!
If you have not an US keyboard, you should do all the set up of Zorin with US keyboard selected, then when it has been done completely, add your language keyboard. Otherwise, you will not able to enter in your FDE.
Personally, I have chosen my own language keyboard during the Zorin setup then I had password error and couldn’t access to my disc, so I had to do what I’ve written above.
My husband selected a password which uses keys common in Azerty and Qwerty to avoid such issue
I did too. But, in addition, I mixed it with a very long password generated with my password manager.
Meaning, I’ve got a really strong password that doesn’t bother me to write and don’t need to remember.
You are very security conscious.
Since we rarely take our laptops outside the house, we use "average" strength passwords, which we can memorise. As for the internal security, I am the only hacker on-premise