
I don't get the point of directory encryption. So much metadata (and entire data) leaks to other places. Just use full disk encryption?



Use full drive encryption.

Encrypting the home directory ensures the privacy of your data should someone get his hands on your machine. Under the same scenario, full disk encryption would also give you the guarantee the system hasn't been tampered with.

Why even have full disk encryption then?

Full disk encryption for one thing.

I've generally seen full disk encryption on an OS volume as a moot point. Why is there a need to have full disk encryption on a bootable volume, when the only thing you should be protecting from prying eyes is your content? Full disk encryption makes sense in a data volume, not in a bootable volume where just having a ~ directory and its children encrypted covers mostly everyone's need for security.

I agree with you, but to be precise, full disk encryption does not provide any benefit that is not met by encrypting user-writeable mounts. Encrypting /usr, /bin, /lib, etc. does nothing in this situation.

I think a better use case for this might be for the full partition to be encrypted with dm-crypt and then applications or users encrypt their data directories with ext4 directory encryption, though I could be wrong.

Why in the world do they ship unencrypted drives around?

Drive encryption is pretty standard these days, isn't it?


Just use full-disk encryption, e.g. dm-crypt.

This kind of thing is why I have always been very sceptical towards encrypted home directories, and have always advocated for full disk encryption.

You don't encrypt /usr? I really do not understand the point of encrypting a subsection of your drive.

I don't think many people need whole-disk encryption; for the vast majority of situations, encrypted home directories are sufficient (and support for this is provided in OS X).

With whole disk encryption the whole drive is seemingly random data, that's the point.

I can't recommend directory-level encryption when full-disk encryption is so easy these days. It's a few clicks in the Fedora installer or a few commands with Arch Linux. It comes out of the box on new MacBooks and most new Windows laptops (although the more secure BitLocker option requires Windows 10 Pro).

Directory-level encryption is harder to set up and use—it requires typing your passphrase more often and makes you choose third-party software instead of using the features built into your operating system. Plus, lots of important files, like your browser's autofill information and other files that aren't considered "critical", are left wide open.

Encrypting your home directory is better than encrypting the "TOP SECRET" directory, but it's still just as hard as setting up full-disk encryption while being less effective.


Full disk encryption?

FDE: Full Disk Encryption.

Almost agree 100%, but why would you encrypt the whole disk? There is no need for that. It's 100% free software available for anyone. Encrypt your home directory. And this has Ubuntu figured out quite nicely IMHO.

Disk encryption.

This is why I use disk encryption.