EncryptedFilesystemsInstaller

Revision 1 as of 2007-05-18 12:13:50


Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

  • Launchpad Entry: dm-crypt

  • Packages affected: partman-crypto, partman, usplash

Summary

We already have the necessary components to set up encrypted partitions (including /). We describe the goals for Ubuntu and the remaining work that needs to be done to get convenient support for those in the installer.

Release Note

Both the graphical and the alternate installer now support encrypting the hard disk. This provides reliable data security (limited by the strength of the chosen password, of course) for machines which are switched off, like stolen or raided equipment.

Rationale

This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

Use Cases

Assumptions

Design

Implementation

UI Changes

Code Changes

Migration

Include:

  • data migration, if any
  • redirects from old URLs to new ones, if any
  • how users will be pointed to the new way of doing things, if necessary.

Test/Demo Plan

To be added when the features are implemented.

Outstanding Issues

BoF agenda and discussion

We are talking about encrypted block devices (dm-crypt), not 'real' encrypted filesystems.

Use cases:

  • encrypted swap
  • suspend/resume from crypted swap
  • encrypted home directory
  • encrypted sub-area (lack of plausible deniability)
  • boot from crypted /
  • encrypted removable media
  • keys on removable media

Keep in mind possible compatibility with other cross-platform / Linux-volumes compatible tools like TrueCrypt, OTFE and BestCrypt. Migration from existing volumes created using those may be another use case.

Possible implementations:

User interface:

  • Look at existing GUIs, e.g. TrueCrypt and FreeOTFE (licences: http://www.truecrypt.org/license.php, http://www.freeotfe.org/docs/licence.htm)

Partitioning:

  • crypted / with separate unencrypted /home
  • crypted PV, with a VG and several LVs (swap, /, /home, etc.) on top of it
  • default to LUKS; the manual installer should also support plain dm-crypt
  • the manual partitioner needs to offer a choice between LUKS and plain dm-crypt; the automatic partitioner can just use LUKS
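As an added example (not part of this spec or of partman-crypto), a POSIX shell sketch of the "crypted PV with a VG holding swap, / and /home" layout above, with /boot left unencrypted because the bootloader cannot read a LUKS container. Disk names, the VG name and LV sizes are assumptions; the destructive commands only run when DO_PROVISION=1 is set, otherwise the script just lists them.

```shell
#!/bin/sh
# Added example: LUKS container -> LVM PV -> VG with swap, / and /home.
# All device names below are assumptions for illustration.
set -eu

DISK=${DISK:-/dev/sda}          # assumed target disk
BOOT_PART=${DISK}1              # unencrypted /boot (kernel + initramfs)
CRYPT_PART=${DISK}2             # LUKS container that becomes the PV
MAPNAME=${MAPNAME:-sda2_crypt}  # /dev/mapper name used in crypttab
VG=${VG:-vg0}

# /etc/crypttab line for the container. Takes the LUKS UUID so the entry
# survives device renumbering; "luks" selects the LUKS header over plain dm-crypt.
crypttab_line() {
    printf '%s UUID=%s none luks\n' "$MAPNAME" "$1"
}

# /etc/fstab entries for the LVs. Swap lives inside the same container, so
# the initramfs can unlock it before resuming from suspend-to-disk.
fstab_lines() {
    printf '/dev/mapper/%s-root / ext3 defaults,errors=remount-ro 0 1\n' "$VG"
    printf '%s /boot ext3 defaults 0 2\n' "$BOOT_PART"
    printf '/dev/mapper/%s-home /home ext3 defaults 0 2\n' "$VG"
    printf '/dev/mapper/%s-swap none swap sw 0 0\n' "$VG"
}

# Ordered, destructive provisioning steps; listed first so they can be reviewed.
provision_commands() {
    cat <<EOF
cryptsetup luksFormat $CRYPT_PART
cryptsetup luksOpen $CRYPT_PART $MAPNAME
pvcreate /dev/mapper/$MAPNAME
vgcreate $VG /dev/mapper/$MAPNAME
lvcreate -L 1G -n swap $VG
lvcreate -L 8G -n root $VG
lvcreate -l 100%FREE -n home $VG
mkswap /dev/$VG/swap
mkfs.ext3 /dev/$VG/root
mkfs.ext3 /dev/$VG/home
mkfs.ext3 $BOOT_PART
EOF
}

if [ "${DO_PROVISION:-0}" = 1 ]; then
    provision_commands | while IFS= read -r cmd; do echo "+ $cmd"; $cmd; done
    crypttab_line "$(cryptsetup luksUUID "$CRYPT_PART")"
    fstab_lines
else
    provision_commands   # dry run: only print what would be executed
fi
```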

Passphrase entering:

There's an Ubuntu 2007 GSoC project related to this: http://code.google.com/soc/ubuntu/appinfo.html?csaid=EF4FCF874D88234

Automatic conversion:

  • Not possible without a separate /boot (at least not at this point), since the default 'wipe my disk' option does not create a /boot partition
  • Possibility: Write a separate conversion tool which offers to resize partitions, make room for /boot, and convert / (and other partitions) on the fly. This is not sufficiently reliable and should not be attempted, unless it integrates the backup workflow.
    • crackful idea: if they haven't filled their drives, resize / to half size, build encrypted PV/LV and copy data over, delete original and add original / device as an additional encrypted PV. But in all cases, I suspect backup/install/restore is easier. :)

Outstanding issues:

  • cryptsetup and other important packages are all in universe, so they do not get the regular feature and security updates that enterprise systems rely on, which prevents effective support.

TODO:

  • teach usplash about cryptsetup
  • Re-work the cryptsetup MIR; the current issues do not fundamentally block it, it only needs better information.


CategorySpec