12.4. Understanding Encryption
Fedora includes functions to encrypt your storage. You may find
this function useful if you have a laptop or if you worry about
your disk storage falling out of your control. This disk
encryption requires you to provide an additional passphrase at
boot time or whenever you first access the disk storage.
You may choose to encrypt either all partitions, or only selected
ones. A typical use case includes encrypting partitions
containing /home
, /var
, and /tmp
, along with the swap partition.
There is usually no need to encrypt /usr
, since this directory usually
contains only system executables and libraries that have no
intrinsic privacy value. The /boot
partition is never encrypted
and should not be used for sensitive data.
To make the encryption effective, choose a good passphrase.
Note the use of the term "passphrase", as opposed to the term
"password." This is intentional. Utilizing a phrase containing
multiple words increases the security of your data.