(2/2) But, if I understand correctly, the sacrifice being made is that if your threat model includes an entire machine being taken by the adversary, then the adversary will always have access to a bootable machine with a live unencrypted drive. Yes, they still need to gain access to the system, but the biggest obstacle to obtaining your data, the encrypted disk, is now out of the way.

If you use a passphrase, there is still "something you know" protecting the encrypted drive. And passphrases still have special protection in many jurisdictions (including the US) https://www.eff.org/issues/know-your-rights#17

Thoughts? #linux #DriveEncryption #LUKS #TPM2

My work for this weekend is to encrypt the home partition of my laptop. I'm beginning to have nightmares over the thought of losing it/having it stolen and people being able to access shit they shouldn't.

https://computingforgeeks.com/encrypt-ubuntu-debian-disk-partition-using-cryptsetup/

#DriveEncryption #Linux