12.4. Understanding Encryption
Fedora includes functions to encrypt your storage. You may find
this function useful if you have a laptop or if you worry about
your disk storage falling out of your control. This disk
encryption requires you to provide an additional passphrase at
boot time or whenever you first access the disk storage.
You may choose to encrypt either all partitions, or only selected
ones. A typical use case includes encrypting partitions
containing /home
, /var
, and /tmp
, along with the swap partition.
There is usually no need to encrypt /usr
, since this directory usually
contains only system executables and libraries that have no
intrinsic privacy value. The /boot
partition is never encrypted
and should not be used for sensitive data.
To make the encryption effective, choose a good passphrase. You
can find more information about good passphrases in Chapter 11, Set the Root Password.