Security, partition encryption

The threat I’m protecting; someone steals my laptop.
Currently, I simply encrypt a partition on logoff and decrypt on login.

But I know that’s almost useless, because all the various files that get stored in home, var, and who knows where else with flatpaks, file search crawlers, etc.

One complication, I have multiple OS’s installed on the same disk, including Windows.

I’ve considered home encrtyption, but I’ve read various issues with that with dual (quadruple) boot, and I’m not sure that covers everything with flatpaks and other?

Thoughts?

I do not use disk encryption, I encrypt data folders. Don’t know how secure it actually is, but it gives me peace of mind.

Just FDE with LUKS? You can also add OPAL on top if your laptop supports the spec, there should be no performance penalty in doing so.

I currently have multiple OS’s on one disk, including Windows. So FDE/LUKS wouldn’t work in that case for true Full Disk, correct?

My basic question is, when using installers that have the “encrypt” option, is that safe to use on a linux install that’s along side other Linux and Windows installs (on same SSD)?

I guess my other option is to keep Windows on current disk, and put all Linux OS’s on my other disk (that’s currently only data).

Generally yes, you can have LUKS partition only for /home/ for example, or any other mount point, including the /.

The other option is to get rid of Windows :wink:

I’ll dig deeper in the use cases for LUKS. I already use it on a data partition.

Oh to get rid of Windows!! I have ONE piece of Windows software where I report bugs on a regular basis. And the team asks me, did I try it on native Windows (rather than my VM load of Windows.) If not for that one thing, I’d be all Linux.

Out of curiosity, what software is that?

It’s several niche software packages from AiM Sports, for race car performance data analysis.

You might want to try virtualised Windows (virt-manager) and pass necessary ports (USB/Serial/etc) to the VM.

Thanks, for the most part, virtualbox is working fine. There’s been the rare case where something like 3D accel had to be changed to match the results of the native Windows version of the software.