[NCLUG] Encrypted Filesystems?

[Bob Proulx]

I am starting to play around with encrypted filesystems on a laptop.
It seems like the obvious thing to do.  Then if it is lost or stolen
the data is not exposed.

The simplest thing seems to be to create an encrypted physical volume
and then use lvm on top of that.  Create a swap and root volume out of
it and just have everything encrypted.  However then there is a
performance penalty for everything.  (I don't know how that would
affect playing video from disk for example.)

So of course I considered just an encrypted /home.  But I have a lot
of source code that I normally keep in my home directory and building
source there would seem to be a waste of cpu cycles.  I could link of
of it I suppose.

So of course I thought about an additional filesystem that would be
encrypted such as /mnt/encrypted.  I could just keep anything that I
felt was important there.  But that is also a pain.

So of course I thought about simply encrypting the entire filesystem,
and came full circle.

Being gripped by "analysis paralysis" I thought I would ask if other
had given this very much thought?  And if so what they had decided to
do on their laptop systems?

Bob