Hi, I just started trying out NomadBSD, and I elected to set up encryption with geli. After rebooting, I was curious to see what the mounts looked like. Maybe I’m just misunderstanding what I’m looking at, but from what I understand the encrypted part of the disk is mounted under /data, and would be the device referred to under /dev/label/nomaddata (which also has a corresponding .eli file, which nomadroot does not).
There are some entries in fstab where for example /data/var/db is mounted as /var/db, but since /dev/label/nomadroot is mounted as /home has no mount, wouldn’t that mean that all the contents of user home directories are written unencrypted to disk?
I guess my questions are:
- Is my observation correct that anything under /home will not be encrypted? If so, is this a conscious design choice?
- How would one ensure the home directory is actually encrypted, simply move
- Is there anything else that isn’t encrypted but maybe should be?
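
One way to check which device actually holds a given path, added here as an example and not part of the original post or of NomadBSD: it resolves a path through a `mount -p` style table, following nullfs remaps like the `/data/var/db` to `/var/db` entry, and reports whether the final device is an attached GELI provider (`.eli`). The sample table, the assumption that nomadroot is the root filesystem, and the function names `backing_device` and `is_geli` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `mount -p` (fstab-style) layout, modelled on the post.
# Assumption: nomadroot is the root filesystem; real output will differ.
SAMPLE_MOUNTS='/dev/label/nomadroot / ufs rw 1 1
/dev/label/nomaddata.eli /data ufs rw 2 2
/data/var/db /var/db nullfs rw 0 0'

# On a live system, run with: MOUNTS="$(mount -p)"
MOUNTS=${MOUNTS:-$SAMPLE_MOUNTS}

# backing_device PATH: print the device that holds PATH, following nullfs
# mounts back to the directory they re-export. PATH must already be
# symlink-free (e.g. the output of realpath), since a symlinked directory
# lives wherever its target does.
backing_device() {
    printf '%s\n' "$MOUNTS" | awk -v path="$1" '
        { dev[$2] = $1; fs[$2] = $3 }
        # Longest mount point that is a prefix of p on a path-component boundary.
        function owner(p,    m, best) {
            best = ""
            for (m in dev)
                if ((m == "/" || p == m || index(p, m "/") == 1) &&
                    length(m) > length(best))
                    best = m
            return best
        }
        END {
            for (hops = 0; hops < 16; hops++) {   # bound nullfs chains
                m = owner(path)
                if (m == "") exit 1
                if (fs[m] != "nullfs") { print dev[m]; exit 0 }
                rest = (m == "/") ? path : substr(path, length(m) + 1)
                path = dev[m] rest
            }
            exit 1
        }'
}

# is_geli PATH: succeed if PATH sits on an attached GELI provider (*.eli).
is_geli() {
    case "$(backing_device "$1")" in
        *.eli) return 0 ;;
        *) return 1 ;;
    esac
}

for p in /home/user /var/db/pkg; do
    if is_geli "$p"; then s=encrypted; else s="NOT encrypted"; fi
    printf '%s -> %s (%s)\n' "$p" "$(backing_device "$p")" "$s"
done
```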