As I said before, there is no reason for wanting to have /usr on an encrypted partition. There is nothing in /usr that’s confidential. 
1 Like
I know, but without encryption it’s possible for someone with physical access to tinker with /usr, right?
Only if they manage to boot the system, but the root filesystem is already encrypted, so…
It’s also about integrity. You can, e.g., replace /usr/bin/cat with your own nefarious binary.
Well then, if you’re afraid of someone stealing your laptop, replacing binaries in /usr and then somehow returning the laptop to you, then I guess you should keep /usr on the encrypted root filesystem. 
A better solution in that regard — if one wants to split off /usr anyway — would be to use btrfs and make /usr into a separate subvolume. But that’s a whole other can of worms again. 
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.