Hi everyone !
I’ve browsed a lot on this forum, and I never found any reliable way to achieve home-folder encryption with login password.
I’ve found posts talking about PAM rules, systemd-homed,… but everything I tried never worked as expected. Also, I never found good documentation on the subject, expect the one from the Arch wiki, but again the instructions didn’t work for my on a fresh Fedora 42/43 installation.
Does anyone know about how to encrypt the home dir with the login password ?
And I know it’s better to use LUKS FDE, however It would still be a good option for people who don’t want to deal with 2 passwords for they computer.
The issue is that if you ‘only’ encrypt /home/$USER, you leave the machine open to attacks where someone places malicious code on your disk. But an encrypted /home/$USER would protect (mostly) against theft.
In the end, it all depends on the attack scenario that you want to protect against.
building-a-new-home-with-systemd-homed-on-fedora has lots of information about systemd-homed. This post was created to bring forth information on the workings of this systemd component so that a wiki could be created from it’s knowledge.
It is hard to understand unless you read the whole post and ran into the issues mentioned in this post. It was also written before it was ready to be used on fedora.
ATM, the only necessary steps to use systemd-homed on fedora is to enable the systemd-homed PAM and to create and relabel your newly created home directory for it to function properly.