Some of us are probably planning on traveling with the uConsole. If it gets lost though, anybody can pull your SD card out and go through all your files and read your business.
I did this, leaving 13GB in the root partition unencrypted. Now I have almost 8GB used in the root, leaving me with only 5GB of free space. (64GB card)
Question: what’s a good amount for the root partition to be safe?
I went through the alternative path – let the initrd load the required driver and just go FDE.
Due to the lack of AES acceleration support on the RP CM4 Broadcom SoC, I’d strongly suggest using an alternative algorithm like xchacha12,aes-adiantum or xchacha20,aes-adiantum, which provide better performance compared to AES and provide reasonable security for it.
I have used fscrypt for home folder protection, following the Encrypting 🔐 a Home 🏡 in Raspberry Pi guide (with some small changes). From my PoV this could be easier, and it does not require a separate partition for the home folder / LUKS.
Actually, Ubuntu uses something similar to this path.
@Yochi, because it works like this. You do not encrypt files; you set up a folder to have encrypted content.
You set up a new, empty user home folder to be encrypted, then just move the files from your original home folder to it and rename the new one to the old one. The steps should be done as the root user. It is easier than it seems; the guide can help.
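The home-folder migration described in the post above, as an added example that is not part of the thread or of the linked guide. It assumes an ext4 filesystem with the `encrypt` feature enabled, `fscrypt setup` already run, and the user logged out; `run` and `migrate_home` are hypothetical helper names, and files are copied rather than moved so a backup remains until the result is verified.

```shell
#!/bin/sh
# Added example: move a user's home into an fscrypt-encrypted directory.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 executes them.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# migrate_home USER [HOME]  (hypothetical helper, HOME defaults to /home/USER)
migrate_home() {
    user=$1
    home=${2:-/home/$user}
    new="$home-new"
    backup="$home-backup"

    [ -n "$user" ] || { echo "usage: migrate_home USER [HOME]" >&2; return 2; }

    # Real runs need root, as the post says.
    if [ "${DRY_RUN:-1}" != "1" ] && [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root" >&2
        return 1
    fi

    # Refuse to overwrite leftovers from an earlier attempt.
    for p in "$new" "$backup"; do
        [ ! -e "$p" ] || { echo "refusing: $p already exists" >&2; return 1; }
    done

    # The directory must be empty when the encryption policy is applied.
    run mkdir "$new" &&
    run chown "$user:" "$new" &&
    run fscrypt encrypt "$new" --user="$user" &&
    # Copy the old content in, then swap the directory names.
    run cp -a -T "$home" "$new" &&
    run mv "$home" "$backup" &&
    run mv "$new" "$home" || return 1

    echo "log in as $user and verify the files before removing $backup" >&2
}
```

The `-backup` directory is still plaintext, so the card is not protected until it is removed. On SD flash, deleted blocks may remain recoverable afterwards.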