As I said before, there is no reason for wanting to have /usr
on an encrypted partition. There is nothing in /usr
that’s confidential.
I know, but without encryption it’s possible for someone with physical access to tinker with /usr, right?
Only if they manage to boot the system, but the root filesystem is already encrypted, so…
It’s also about integrity. You can, e.g., replace /usr/bin/cat
with your own nefarious binary.
Well then, if you’re afraid of someone stealing your laptop, replacing binaries in /usr
and then somehow returning the laptop to you, then I guess you should keep /usr
on the encrypted root filesystem.
A better solution in that regard — if one wants to split off /usr
anyway — would be to use btrfs
and make /usr
into a separate subvolume. But that’s a whole other can of worms again.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.