I have a new laptop with Windows 10 already installed that I need to dual boot with EndeavourOS and I’m confused about encryption. There are a few Windows programs that won’t work in a virtual machine so unfortunately I have to have it running natively on the laptop. I’ve read a ton of articles and my head is spinning with so many different opinions.
I’m going to create 4 partitions:
/boot/efi
swap
/home
/
I want to protect my sensitive documents and photos stored on the /home partition.
Some say to encrypt every partition and some say this is overkill and just encrypt the /home partition.
Can someone who really understands this provide a simple explanation if I should do full disk encryption or just encrypt the /home partition? Thanks
I am not sure there is a simple explanation but there is a simple answer. Encrypt everything except boot/efi which is your EFI partition. That is the safest, simplest and most conservative answer.
If you want a longer answer, it just depends what you want to protect and how sensitive the information is.
If you encrypt only your /home, the end result is that everything in /home will be encrypted but nothing else will be. For example:
Your swap partition, which could contain portions of the files you have in memory or your command history. Or maybe even the password you use to decrypt that partition.
The home directory of the root user which could have sensitive information in it
Elements of cache
System configuration information
Lots of other stuff
In the end, the level of difficulty to encrypt all 3 partitions isn’t that much higher than encrypting just one, so why not encrypt all 3 if you care about encryption?
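An added example, not part of the original thread: a shell function that reads `lsblk -Pno KNAME,PKNAME,TYPE,MOUNTPOINT` output and lists every mounted filesystem or active swap area with no dm-crypt device beneath it, skipping the EFI partition. The sample layout is constructed (only /home encrypted) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Real use: lsblk -Pno KNAME,PKNAME,TYPE,MOUNTPOINT | audit_encryption

# Print mountpoints (and [SWAP]) that are not backed by a dm-crypt device.
# $1 = EFI mountpoint to ignore (default /boot/efi, which stays unencrypted).
audit_encryption() {
    awk -v esp="${1:-/boot/efi}" '
    # Return the value of KEY="value" on the current lsblk -P line.
    function field(key,    s, m) {
        s = " " $0
        if (!match(s, " " key "=\"[^\"]*\"")) return ""
        m = substr(s, RSTART, RLENGTH)
        sub(/^[^=]*="/, "", m)
        sub(/"$/, "", m)
        return m
    }
    {
        k = field("KNAME")
        parent[k] = field("PKNAME")
        type[k] = field("TYPE")
        m = field("MOUNTPOINT")
        if (m != "" && m != esp) mp[k] = m
    }
    END {
        for (k in mp) {
            enc = 0
            # Walk up the device stack so LVM-on-LUKS counts as encrypted.
            for (d = k; d != ""; d = parent[d])
                if (type[d] == "crypt") { enc = 1; break }
            if (!enc) print mp[k]
        }
    }' | LC_ALL=C sort
}

# Constructed sample: the four-partition layout with only /home on LUKS.
sample_home_only() {
    cat <<'EOF'
KNAME="nvme0n1" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="nvme0n1p1" PKNAME="nvme0n1" TYPE="part" MOUNTPOINT="/boot/efi"
KNAME="nvme0n1p2" PKNAME="nvme0n1" TYPE="part" MOUNTPOINT="[SWAP]"
KNAME="nvme0n1p3" PKNAME="nvme0n1" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="nvme0n1p3" TYPE="crypt" MOUNTPOINT="/home"
KNAME="nvme0n1p4" PKNAME="nvme0n1" TYPE="part" MOUNTPOINT="/"
EOF
}

sample_home_only | audit_encryption
```

On the constructed sample it reports `/` and `[SWAP]`, the two areas the answer above says are left exposed when only /home is encrypted.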
I would say, just leave Linux, single boot, and forget about encryption IN ORDER to avoid data loss in case of hard drive failure or file system damage… All safe and you have no fears and no increased system load. I am running Endeavour OS as the main productive machine and had only slight issues. Just a ton better than Windows…
Encryption is something you either need/want or don’t. It doesn’t matter which OS you are running.
Disk-level encryption prevents your data from being accessed if your data gets into the wrong hands (physically). It protects you against things like physical theft or not wiping a drive before it is recycled.
As noted above, there are a few Windows programs I have to use that don’t work in a Windows virtual machine so that isn’t an option. Also, if someone steals my laptop with Linux on it that doesn’t mean they can’t access the drives which is why they need to be encrypted.
Has any new evidence come to light recently that Windows has access to the Linux file system by default without having enabled WSL? I am very much interested in this since one of our computers is a dual boot Win.Pro + Linux.
What is the risk you are concerned about? Most unencrypted Linux filesystems can be accessed via Windows, there are drivers available. Further, if someone compromised your machine, they could enable WSL.
I read the statement of the poster as if Windows by default can access the Linux file system, without WSL enabled and no extra drivers installed. The machine I am talking about is pretty secure so I am not actually concerned. If the Windows is compromised then it is a whole other story I guess.