Encrypt home directory / LVM encryption - Ubuntu Server 14.04 setup

Question

There seems to be two different steps in the Ubuntu Server 14.04 installation that involve encryption. The first asks if I want to encrypt my home directory:

enter image description here

The second has an option for encrypted LVM:

enter image description here

Are these two different encryption procedures? If I do both is my drive doubly encrypted? Why would I do one and not the other?

I don't think this is a duplicate of When installing I'm given the option of encrypting my home folder -- what does this do? because that solution does not explain why there are seemingly two encryption steps being offered.

score 4 · Accepted Answer · edited Apr 09 '23 at 13:03

4

They are completely separate and other then "encryption" they have nothing in common.

LUKS

LUKS / LVM encrypts everything but /boot.

With LUKS, almost everything is decrypted when you boot, /swap, /home, /, etc. You can of course configure this differently, but this is how the defaults work.

eCryptfs

eCryptfs or ecryptfs, in contrast, usually encrypts /home/username.

With ecryptfs, your home directory is decrypted when you log in. You would use this when you need to encrypt your personal data in /home separately from the system.

See:

edited Apr 09 '23 at 13:03

Artfaith

219
1
3
10

answered Aug 21 '14 at 18:03

Panther

102,067

Does it make sense to use both? – Dmitry Frank Jan 28 '18 at 17:20
Only on a multi user system – Panther Jan 28 '18 at 18:36

Encrypt home directory / LVM encryption - Ubuntu Server 14.04 setup

1 Answers1

LUKS

eCryptfs

Linked