I'm also dual booting OS X and Ubuntu with a shared home partition formatted as HFS+. Getting the encryption to work nicely in Linux sounded pretty easy, but I couldn't figure out how to do it in OS X. My current solution is to store anything particularly sensitive in a TrueCrypt file...obviously not the best solution.
Out of personal interest: Did you get Linux to mount the HFS+ partition with R/W access with journaling enabled? I am also curious if you make any progress with encrypting the entire partition.
My system triple boots into OS X, Windows and Ubuntu. I have a home partition, formatted in HFS+.
What would be the best strategy for me to use? Should I just encrypt the home volume using something cross-platform like TrueCrypt, or is it practical (an maintainable) to do full-disk encryption in such an environment?
My home partition has very sensitive data and I've been putting off creating a TrueCrypt container for this data.
That sucks. I've used TrueCrypt for Windows and LUKS for Linux, but have never been a Mac guy so I haven't looked into that side of things. Google suggests that your main options are OSX's built-in FileVault to encrypt just your home directory (and optionally TC or something for additional non-system data), or PGP Whole Disk Encryption for a whopping $150. Or running a virtualized OSX within an encrypted container within a second OS, with all the extra boot time and performance hits that would entail.
I'd bet on something better coming out before too long given more interest (and laws) about encryption these days, but unless I've missed something, for now it looks like you're pretty much of out of luck for as good, complete, free solutions go.
It depends on what you want to do. Do you want full-disk encryption or just one encrypted partition/file? Personally I use full-disk encryption. From what I've read its recommended to encrypt the whole system and not just a partition if you don't want important data leaking into the non-encrypted parts of your system.
On Ubuntu Server I selected full LVM encryption during installation. Everything except the /boot is encrypted, which works great without too much overhead even on this aging 1,3 Ghz machine. I heard good things about TrueCrypt as well, which should work with OS X and Windows but I haven't used it myself.
Btw I did use Filevault on OS X for my whole disk and the experience was less than pleasant. Especially with resume and hibernation. This was with 10.3 (Panther), so it might be better now.
The option to encrypt your home folder is still there in Ubuntu 18.04 (which I set up only yesterday), and appears after you set up volumes upon initial user creation.
It is (funnily enough) even possible to enable _both_ kinds of encryption simultaneously.
I'd say that they don't use full-disk encryption _instead_ of home folder. They just prompt for it sooner (and it is not the same thing if you have a modestly old machine, or a machine you share with other users).
Oh silly me, I kind of assumed you where using OSX because someone made the comment that there's no option for full disk encryption. My bad. If I had an option to encrypt my whole disk that easily in OSX I'd take in a heart beat, not necessarily because I think it's better but because it's a solution and it's simple... because I can so to speak.
I don't think many people need whole-disk encryption; for the vast majority of situations, encrypted home directories are sufficient (and support for this is provided in OS X).
On that tangent, if you're an OS X user and like myself you can't quite muster the faith to use FileVault for your home folder, Disk Utility (or hdiutil at the terminal prompt) will allow you to create encrypted disk images to stash your sensitive stuff in.
What’s the story with full disk encryption on Ubuntu these days? Last time I checked (a while ago) it was a bit clunky, but now I’m considering a Linux desktop after 10 yrs of macOS and filevault, so checking my options. Thanks!
Unfortunately, the amount of time I spend running/breaking the development version of Ubuntu prohibits full disk encryption, but I do have /home encrypted. Is that "good enough"?
Encrypted database? I once tried a password keeper. I think it was called xpassword or something like that. After having a corrupted database twice within days, I pass.
I you want privacy your HDD should be encrypted anyway.
Out of personal interest: Did you get Linux to mount the HFS+ partition with R/W access with journaling enabled? I am also curious if you make any progress with encrypting the entire partition.
reply