git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

About complete full-disk encryption


Hello,

I have raised a request to modify the Ubuntu installation to allow for
full-disk encryption.

https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1773457

This is different from the current installer's full-disk encryption in two
important ways.

1. The current installer doesn't play nicely with other operating systems,
e.g. Windows. So, if you want full-disk encryption (for Ubuntu, at least)
but to retain Windows, you can't do this.

2. The current installer doesn't encrypt /boot.

The request covers both of these points. It encrypts everything apart from
the EFI System Partition (ESP) and already-existing operating systems, both
for obvious reasons.

WHY

I have raised this request because it provides maximum protection both
against accessing or modifying data and against adding malware if the
machine's physical security is compromised. It also allows the installation
to proceed even if Windows is already on the system, which is the usual
situation for most users. It is a great step towards tighter security.

IT'S ALREADY POSSIBLE AND DOCUMENTED

This full-disk encryption is already possible, playing nicely with other
operating systems and encrypting even /boot. It uses LVM within LUKS. You
can find the documentation in the Community Help:

https://help.ubuntu.com/community/ManualFullSystemEncryption

(There is one important complication in that updates to the kernel don't
update Grub correctly, which must be manually updated with a script
provided as part of the process. I believe that I know how to address this
shortfall by automating the running of the script, but due to other
priorities, it will take some time for me to test and document. Of course,
fixing the kernel updates would be preferable to this workaround, but I
don't know how to do so.)

OBJECTION

In the request's comments, I have been told that full-system encryption
should not be done because it's possible to load malware into the EFI
System Partition (ESP).

I personally disagree with that assessment because, if we were to accept
that argument, it would mean removing the installer's current ability for
full-disk encryption (where not only the ESP but also /boot are exposed),
and even removing the ability to encrypt /home (for non-full-disk
encryption, where the file system and even root are exposed).

This goes completely against current security advice, which recommends the
greatest possible encryption.

Although there might conceivably be a valid reason to reject my request,
this fact that the ESP is exposed absolutely isn't a good reason, and
contradicts the existing two abilities to encrypt.

After some toing and froing, I was advised to post to this list to raise
the issue. Hence, here we are!

IDEAS

Developers, do you have opinions, suggestions or other ideas, please?

Thank you

Paddy Landau
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20180627/fed9e0c0/attachment.html>