Hi, I just started trying out NomadBSD, and I elected to set up encryption with geli. After rebooting, I was curious to see what the mounts looked like. Maybe I’m just misunderstanding what I’m looking at, but from what I understand the encrypted part of the disk is mounted under /data, and would be the device referred to under /dev/label/nomaddata (which also has a corresponding .eli file, which nomadroot does not).
There are some entries in fstab where for example /data/var/db is mounted as /var/db, but since /dev/label/nomadroot is mounted as / and /home has no mount, wouldn’t that mean that all the contents of user home directories are written unencrypted to disk?
I guess my questions are:
- Is my observation correct that anything under /home will not be encrypted? If so, is this a conscious design choice?
- How would one ensure the home directory is actually encrypted, simply move /home to /data and mount /data/home as /home?
- Is there anything else that isn’t encrypted but maybe should be?
Thanks.