• Andrius Štikonas
    link
    41 year ago

    Regarding /boot, it can be encrypted as long as your bootloader can decrypt it, for example GRUB can decrypt LUKS encrypted partitions (albeit somewhat slowly). And the only partition that really has to be unencrypted is UEFI system partition (ESP), where bootloaders are located.