http://nguipxnkrp3qrzrlduhsatpcpwehnblzmlkc5ifiumxq4z5jlh4lwvid.onion/os_archive/os_Secure_OS_37.html
One needs to trust their USB or SATA ports isn't physically tampered with if one tries to decrypt an external storage connected to your system, one or more hardware variables are gone because ecryptfs works on top of an existing filesystem without the need of making a separate storage space to mount it on, but on the downside, ecryptfs doesn't use super secure encryption protocols and is buggy for systemd and maybe linux-grsec based kernels.