Partitioning for dual boot Windows 10 + Ubuntu 18.4 + encryption (SSD + HDD)

I have a new machine:

  • 8GB RAM
  • 512GB SSD
  • 1TB HDD

I want to dual boot with Windows 10. I will be spending most of the time in Ubuntu doing software development + personal use, and will use Windows only for gaming or Mathematica. I also want to encrypt the drives, following the tutorial Encrypting disks on Ubuntu 19.04.

However, I understand that Windows 10 uses BitLocker-type encryption while Ubuntu will use LUKS + LVM-type encryption, so I won't be able to access Windows files from Ubuntu and vice versa. So I will not encrypt the Windows drive (since I don't store any sensitive data there), and I am considering the following scheme:

SSD:

  • EFI system partition (from Windows), whatever the size on the SSD
  • Windows 10 system 250GB
  • /boot 500MB (necessary for encryption)
  • / 150GB (*encrypted)
  • /home 100GB (*encrypted)
  • /swap 4GB (*encrypted)

HDD:

  • sdb1 NTFS shrunk windows data partition
  • sdb2 NTFS shared data partition
  • sdb3 (*encrypted) private data partition

Now I have the following questions:

  1. I am not sure if I need a separate /home partition. I don't use other distros and I usually stay with one Ubuntu version (LTS) until the end of support (stability is an important feature for me). On the other hand, with the encrypted / and /home, they may be more reliable as separate partitions so that if one is corrupted the other stays OK. What do you advise? Also note that my / is much larger than /home, that's because most of the files will be on the shared HDD partition and I will symlink ~/Downloads and other folders. On my previous machine, after installing many packages (the python ecosystem is huge) I found that / fills up pretty quickly. Does that make sense?

  2. Should I get rid of the shared data partition and just mount the Windows drives? On my previous machine, I used to just mount the Windows drives in Ubuntu and copy files to/from there. But sometimes it wouldn't mount because of the way Windows shut down.

  3. The reason for a separate encrypted private data partition is that I want to be able to access files from Windows and I don't really care to encrypt movies or music files, only important stuff like tax docs or private data. I am also not sure if encrypting movies harms performance. Like, if I have a 10GB 4K movie that doesn't fit in RAM, will it stutter if the CPU has to decrypt it on the fly?

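Best answer

1) Separating /home and / is useful if you are going to reinstall the system (for example, 18.04 instead of 16.04) and don't want to back up all your data to external storage. However, it is better to delete the dotfiles because of package incompatibilities. As for reliability, if your /home is corrupted, a surviving / will not help you. In any case, save the LUKS header to secure external storage for such a situation. On the other hand, splitting limits both your / and /home; if you had only one partition in your previous setup, the python packages were on that same partition and could use space shared between the system and the user. If you upgrade every two years and your data is on an external hard disk, then I think you don't need to split.

2) I have disks C: and D: on Windows, because the system disk (C:) contains many Windows system files which are unused on Linux, but it doesn't look OK, so I have shared D: between the systems, on which I store large files (I have only a 256Gb SSD and a 750Gb HDD), and C: is only for the Windows system.

3) LUKS decryption is fast enough on the fly and does not need to decrypt the whole file, but there is still some overhead; for example, if you read data from the SSD at maximum speed (~500Mb/s), LUKS will noticeably use the CPU. The main reason not to encrypt movies/music/non-sensitive data is that it is hard to mount LUKS on Windows (I'm not even sure it is possible).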
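The answer's advice to keep a copy of the LUKS header on external storage only helps if that copy is intact. As an added example (not part of the original answer), this Python script checks the start of a header backup such as one written by `cryptsetup luksHeaderBackup`. It assumes the LUKS1 on-disk format and rejects anything else; the function names and the sample header are constructed for illustration.

```python
import struct

# LUKS1 on-disk header (big-endian): 208-byte preamble, then 8 key slots of 48 bytes.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")  # state, iterations, salt, material offset, stripes
MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD

def text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(data):
    """Return the fields of a LUKS1 header backup, or raise ValueError."""
    if len(data) < PHDR.size + 8 * SLOT.size:
        raise ValueError("too short to hold a LUKS1 header")
    (magic, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(data, 0)
    if magic != MAGIC:
        raise ValueError("LUKS magic not found")
    if version != 1:
        raise ValueError(f"LUKS version {version} is not handled here")
    active = []
    for i in range(8):
        state = SLOT.unpack_from(data, PHDR.size + i * SLOT.size)[0]
        if state == SLOT_ENABLED:
            active.append(i)
        elif state != SLOT_DISABLED:
            raise ValueError(f"key slot {i} has an invalid state marker")
    if not active:
        raise ValueError("no active key slot; this copy cannot unlock the volume")
    return {"cipher": f"{text(cipher)}-{text(mode)}", "hash": text(hash_spec),
            "key_bits": key_bytes * 8, "payload_offset": payload_offset,
            "uuid": text(uuid), "active_slots": active}

def make_sample_header(active_slots=(0,)):
    """Build a constructed LUKS1 header (not taken from a real disk)."""
    head = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha256", 4096, 64,
                     bytes(20), bytes(32), 1000,
                     b"11111111-2222-3333-4444-555555555555")
    slots = b"".join(
        SLOT.pack(SLOT_ENABLED if i in active_slots else SLOT_DISABLED,
                  1000, bytes(32), 8 + i * 512, 4000)
        for i in range(8))
    return head + slots

if __name__ == "__main__":
    # Constructed sample; for a real backup, pass the first 592 bytes of the file.
    print(parse_luks1_header(make_sample_header()))
```

The UUID it reports should match the one `cryptsetup luksDump` shows for the live device, which confirms the backup belongs to that volume.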