Can I automount encrypted /home?

al_F · 14 February 2022 20:42

I installed Manjaro alongside Windows on a laptop with EFI. As I want separate system and home partitions, I have an unencrypted root partition with mount point / and an encrypted partition with mount point /home.

This works well but slows down startup since it requires a 2-step login, first giving the encryption password and later my user password.

Is there a way to skip the first step and delay unencryption until logging in? The guides I found so far seems to deal mostly with automounting USB sticks or partitions other than /home.

mithrial · 14 February 2022 20:54

What’s the point of encryption if you want to store the key file unencrypted on your boot or root partition? (This is how it can be done.)

You can look at systemd-homed to do this. However, it’s not really officially supported.

al_F · 14 February 2022 21:03

I don’t want to, if that’s the only way… Just thought that since ecryptfs was unencrypting after giving user password at login, LUKS might be able to do the same.

But the slowdown of the boot process (with LUKS) is not big enough that I want to trade off security to make it faster.

Tomek · 14 February 2022 21:05

You should use hardware keys. You just touch your key and partition will be unencrypted. In addition you can use same key to login. 2 passwords less to type

https://wiki.archlinux.org/title/YubiKey#Full_disk_encryption_with_LUKS

al_F · 15 February 2022 08:57

Thanks for the tip! Not ready for this at the moment, but will look into it later. For now closing this thread as a kind of “won’t fix”

system · 17 February 2022 22:57

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.