Description of problem: If you choose that the installer should create the partitions automatically, it creates everytime an unecrypted /home partition. The only way to encrypt it is, to (for example) delete the automatic created/calculated /home partiton, create a new /home partition manually an tick the checkbox "encrypted". To make this process easier (also for beginner) it would be better to have an option directly in the installer and if you choose "automatic partitioning", that you can click a checkbox there (maybe in an new windows where it asks) and select "encrypt /home". If its checked you can after that enter a password. Maybe also show then the encrypted partition with a special icon or show as "/home (encrypted)" in the overview. Encrypting the /home is especially for SSDs recommended, because they have an completely different file/datamanagement and maybe dont delete every data if you format/overwrite existing data.
Summary: Allow easier /home encryption while installing => Request: Allow easier /home encryption while installing
Created attachment 11545 [details] Example Example Step 1 : Select Custom disk partitioning Step 2 : Click the box "Encrypt /home" Step 3 : Enter Password Step 4 : Auto allocate
No time now to check this out, but a couple of things strike me. 1) > The only way to encrypt [the /home partition] is to (for example) delete > the automatic created/calculated /home partition, create a new /home > partition manually and tick the checkbox "encrypted". For someone who wants to do this, this does not seem arduous. What would happen in an 'automated' partition choice where /home is included under '/' rather than separately? 2) I was unclear about "automatic partitioning" (where I think you propose the additional encrypted option) v "Select Custom disk partitioning" where the user decides everything. I will look at this tomorrow with an installer to clarify what is being asked. > Encrypting the /home is especially for SSDs recommended, because they have > an completely different file/datamanagement and maybe dont delete every > data if you format/overwrite existing data. This is also true for hard discs.
CC: (none) => lewyssmith
Yea. Its a bit wired. Personaly i make everytime a clean install of the system and no upgrades (from MGA1 to 2 to 3 to 4 to 5 to 6 to 7) and select "Custom disk partitioning" -> Auto allocate (what i mean as automatic partitioning"), delete after that the allocated /home and create a new /home with encryption. It would be (for me) easier to select "encrypt /home" before allocate the partitions and than click on allocate to have directly an allocated encrypted /home. Also maybe this feature in the first step/window where you can choose between "use free space" or "custom disk partitioning" could be useful. Where you select "use free space with /home encrypted" But yea, i see your point where / is also the /home partition on drives with less space or if the user want this way. it's just an idea what could be changed maybe.
OK, I have played as far as I dare without messing up my disc, and see more precisely what you are asking & where. I noticed that any partition manually *created* offers encryption . You are referring specifically to "Custom disc partitioning", and the bottom *Auto allocate* button of that - overall, just one of many possible partitioning paths. Clicking that alone showed nothing; I did not click the 'Done' button to see what would happen, but imagine that the last part of your useful screenshot shows the result: 3 partitions, / Swap /home . Not having spare hardware to explore further, it would be interesting to know what options you get when you click on the proposed /home partition on this auto-allocated screen; for *this* seems to be the place to ask for encryption. (It cannot be offered for the auto-allocated / partition since the included /boot cannot be encrypted). Can you attach screenshot(s) showing all the options available when you click on the *auto-allocated /home partition*, to see whether that would be a sensible place to ask for its encryption?
Summary: Request: Allow easier /home encryption while installing => Request: Allow easier encryption of auto-allocated /home partition while installing
Automatic allocating plus encrypting /home seem to ask for trouble as it is hard to change size if you i.e need more / space. Also encrypting only /home is not enough to keep all secrets, as long as you have swap and /tmp unencrypted, and some interesting settings and logs are found in /etc and /root /var/log... Better is to create small /EFI and /boot, then one large encrypted pv for LVM, and inside that swap, /, /home. Leave unused space, and it is easy to extend partitions inside the LVM using diskdrake, while running! From command line you can even do snapshots. I always use LVM even when no encryption is needed, ju just dont tick that box. So IF there shopuld be an encryption check box for automatic partitionin i would strongly suggest it use LVM, and vreate /, /home /swap within, and maybe leave 30% inside LVM unused, for user to extend into when whatever partition need that.
CC: (none) => fri
Thanks for your comment Morgan. It gets away from the 'automatic allocation' aspect that psyca is talking about - keep it simple. The moment you go beyond that, it is clearly up to you. I was just hoping to see whether there is an *easy* place where the option he requests could be slipped in. Perhaps nowhere. I have to retire from this now, so CC'ing Martin who is wise about all this. This can be easily closed 'wontfix', I hope with no hard feelings.
CC: lewyssmith => mageia
Created attachment 11547 [details] installer I was thinking like an encryption setup similar to OpenSUSE (top) or Ubuntu (bottom)...
But ok...
Status: NEW => RESOLVEDResolution: (none) => WONTFIX
This is a valid feature enhancement, but it still needs someone doing the coding....
CC: (none) => tmb
note that we now have systemd 245 which has the new *-homed that is another approach to this encryption...