Shoe BillSorry if I'm not so eloquent here, tired.
Just had a wierd idea for security on, well, basically any Linux distribution AFAIK. I thought: what if you set up two users (for yourself), both "normal" as in non system users.
One is for convenience and not for security; we'll call the convenience user A.
Now, here's the catch: user A needs user B to log in, in order to do access their own secrets.
Unless I'm not understanding something here, you could probably do this by letting A login automatically but not user B, and making A's home directory exactly that normally, and use systemd-homed for B's home directory. Especially if you have full disk encryption anyway, just figure out some setup with a systemd service that unlocks A's keyring automatically, and also keep it in B's home directory, which is encrypted until they log in. So A logs in automatically, but they're logged out of everything in their own session until B logs in.
I simply cannot be the first person who's ever had this idea.
ottoto