Launchpad Entry: dm-crypt
Packages affected: partman-crypto, partman, usplash
We already have the necessary components to set up encrypted partitions (including /). We describe the goals for Ubuntu and the remaining work that needs to be done to get convenient support for those in the installer.
Both the graphical and the alternate installer now support encrypting the hard disk. This protects data at rest (limited by the strength of the chosen passphrase, of course) on machines that are switched off, such as stolen or seized equipment; it does nothing for a running, unlocked system.
To be added when the features are implemented.
BoF agenda and discussion
We are talking about encrypted block devices, not 'real' encrypted filesystems.
- encrypted swap
- suspend/resume from crypted swap
- encrypted home directory
- encrypted sub-area (lack of plausible deniability)
- boot from crypted /
- encrypted removable media
- keys on removable media
Keep in mind possible compatibility with other cross-platform / Linux-volumes compatible tools like TrueCrypt, OTFE and BestCrypt. Migration from existing volumes created using those may be another use case.
- 'plain' dm-crypt
- LUKS (<= we want this); see the spec at http://luks.endorphin.org/spec
- Look at existing code:
  - luks-tools in Fedora Extras: http://www.flyn.org/easycrypto/easycrypto.html
- Look at existing GUIs:
  - TrueCrypt and Free OTFE (keep licensing in mind; those are not entirely free)
  - luks-tools screenshots: http://www.flyn.org/projects/luks-tools/index.html
- encrypted / with a separate unencrypted /home
- encrypted PV, with a VG containing several LVs (swap, /, /home, etc.) inside it
- default to LUKS; the manual installer should also support plain dm-crypt
- the manual partitioner needs to offer a choice between LUKS and plain dm-crypt; the automatic partitioner can just use LUKS
- teach usplash about entering passphrases (it already has this: INPUTQUIET command)
- VT switching should either allow
- cryptsetup / cryptdisks
- pam_mount / luks
- Removable media usage examples
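The LUKS-versus-plain-dm-crypt choice above comes down to the on-disk header: a LUKS volume starts with a 592-byte header (magic, cipher, mode, hash, payload offset and eight key slots, as laid out in the LUKS1 spec linked earlier), while a plain dm-crypt volume has no header at all and is indistinguishable from random data. The following parser is an added example, not code from this spec, cryptsetup or luks-tools; it reads the LUKS1 layout (LUKS2 is a different format) from a byte string, builds a constructed sample header so it runs offline, and reports the checks an administrator auditing a volume would want: which key slots are active and whether the PBKDF2 iteration counts look suspiciously low. The field values in the sample (aes, cbc-essiv:sha256, a zeroed salt and UUID) are constructed, not taken from a real device.

```python
"""Parse and sanity-check a LUKS1 on-disk header (layout per the LUKS1 spec).

Added example: not the installer's or cryptsetup's code. Reads the header
from a byte string, so it can be pointed at the first 592 bytes of a device.
"""
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
HDR_FMT = ">6sH32s32s32sII20s32sI40s"   # fixed part: 208 bytes, big-endian
SLOT_FMT = ">II32sII"                    # one key slot: 48 bytes, 8 slots follow
SLOT_ACTIVE = 0x00AC71F3                 # key slot enabled
SLOT_DISABLED = 0x0000DEAD               # key slot disabled
HDR_LEN = struct.calcsize(HDR_FMT) + 8 * struct.calcsize(SLOT_FMT)  # 592


def _cstr(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_luks1_header(blob):
    """Return a dict describing the header, or None if blob is not LUKS1.

    A plain dm-crypt volume has no header, so it also yields None: there is
    nothing on disk that distinguishes it from random or wiped data.
    """
    if len(blob) < HDR_LEN or blob[:6] != LUKS_MAGIC:
        return None
    (_magic, version, cipher, mode, hashspec, payload_off, key_bytes,
     _mk_digest, _mk_salt, mk_iter, uuid) = struct.unpack_from(HDR_FMT, blob, 0)
    if version != 1:
        return None  # LUKS2 uses a different (JSON-based) header layout
    slots = []
    off = struct.calcsize(HDR_FMT)
    for index in range(8):
        active, iters, _salt, km_off, stripes = struct.unpack_from(SLOT_FMT, blob, off)
        off += struct.calcsize(SLOT_FMT)
        slots.append({"index": index, "active": active == SLOT_ACTIVE,
                      "iterations": iters, "key_material_offset": km_off,
                      "stripes": stripes})
    return {
        "cipher": _cstr(cipher), "mode": _cstr(mode), "hash": _cstr(hashspec),
        "payload_offset_sectors": payload_off, "key_bytes": key_bytes,
        "mk_digest_iterations": mk_iter, "uuid": _cstr(uuid),
        "active_slots": [s["index"] for s in slots if s["active"]],
        "slots": slots,
    }


def build_sample_header(active_slots=(0,)):
    """Constructed sample header (NOT from a real volume); salts/UUID are zeroed."""
    fixed = struct.pack(HDR_FMT, LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                        1032, 16, b"\0" * 20, b"\0" * 32, 10000,
                        b"00000000-0000-0000-0000-000000000000")
    slots = b""
    for index in range(8):
        state = SLOT_ACTIVE if index in active_slots else SLOT_DISABLED
        iters = 5000 if index in active_slots else 0
        slots += struct.pack(SLOT_FMT, state, iters, b"\0" * 32, 8 + index * 128, 4000)
    return fixed + slots


def check_header(blob):
    """Return a list of findings an administrator auditing the volume would want."""
    header = parse_luks1_header(blob)
    if header is None:
        return ["not a LUKS1 header (plain dm-crypt, unencrypted, or random data)"]
    findings = []
    if not header["active_slots"]:
        findings.append("no active key slot: volume cannot be unlocked")
    if header["mk_digest_iterations"] < 1000:
        findings.append("very low master-key digest iteration count")
    weak = [s["index"] for s in header["slots"] if s["active"] and s["iterations"] < 1000]
    if weak:
        findings.append("low PBKDF2 iteration count in slot(s) %s" % weak)
    return findings


if __name__ == "__main__":
    sample = build_sample_header()
    print(parse_luks1_header(sample))
    print(check_header(sample))
    print(check_header(b"\xff" * HDR_LEN))  # what a plain dm-crypt volume looks like
```

Reading the first 592 bytes of a block device into `parse_luks1_header` is enough to tell a LUKS volume from a plain dm-crypt one, which is exactly why plain mode gives the deniability LUKS lacks, and why LUKS can offer multiple passphrases and passphrase changes (key slots) where plain mode cannot.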
There's an Ubuntu 2007 GSoC project related to this http://code.google.com/soc/ubuntu/appinfo.html?csaid=EF4FCF874D88234
- Not possible to do without a separate /boot (at least not at this point), since the default 'wipe my disk' option does not create a /boot partition
- Possibility: Write a separate conversion tool which offers to resize partitions, make room for /boot, and convert / (and other partitions) on the fly. This is not sufficiently reliable and should not be attempted, unless it integrates the backup workflow.
crackful idea: if they haven't filled their drives, resize / to half size, build encrypted PV/LV and copy data over, delete original and add original / device as an additional encrypted PV. But in all cases, I suspect backup/install/restore is easier.
- Cryptsetup and other important packages are all in universe, so they lack the guaranteed feature and security updates that enterprise systems would rely on.
- teach usplash about cryptsetup
- Re-work the cryptsetup MIR (main inclusion report); the current issues are not fundamentally blocking it, it only needs better information.