Encryption on a multi-boot computer
To gain some privacy (and stuff like this), I would like to encrypt my data.
I'm not looking for the absolute best secure method in the world because:
- I know it doesn't exist
- I'm not that paranoid, the idea is to prevent somebody from accessing my data (too easily) if I lose my laptop somewhere
I've found many solutions on the web with LUKS or eCryptFS but I still have the problem that I'm working on a multiboot system.
I now have two different OSes (Arch Linux and Ubuntu) but maybe in 5 months, I'll install Debian or Fedora (I'd like to try LFS once)... Once I had 4 working systems installed.
To make the use of different systems easier, I'm using a partition to store my personal data which is not related to a specific distribution (music, documents,...). This partition should be encrypted, but also the /home folder, because my Thunderbird profile and stuff like that contain information I'd rather keep private.
To make it even harder, I want to use LVM to manipulate my partitions easily.
The idea for the encryption process is that at startup, I am asked for the password, and without this password, there is no way somebody can access any home or the data partition.
I've found a solution with LUKS which works well with LVM (on the Arch wiki, search for LUKS) but it works for a simple system only.
For example, I create /dev/sda1 (~100 MB) for the /boot folder and the rest is on /dev/sda2, which is encrypted and uses LVM.
Great, but if I want to have a dual-boot, I need sda1 and sda2 each for a boot folder and sda3 for the rest. 4 distributions, 4 boot partitions.
Not the best way... (but still the best I could find)
With eCryptFS, again if I understood well, it works differently, as each time it creates a folder .Private containing the encrypted data.
So if I want to have a dual-boot, I need to create 3 encrypted folders (/home distro 1, /home distro 2 and the shared partition). And that's the problem, because I don't see how I can use the same encryption process for the 3 so that if I boot on the first or the second distribution, there is almost no difference in decrypting the two required folders. And even for one distribution, I still have two folders to decrypt (with one password would be nice).
And if I want to install a third distribution, I need to create another encrypted folder, and it'll still work the same way?
Or maybe you know another way to solve my problem.