UbiquityLUKSsupport

Summary

The alternate installer in Gutsy can create encrypted partitions, but it uses dm-crypt and not cryptsetup with LUKS support. We need support for encrypted partitions in Ubiquity so that it can create encrypted root, /home and other partitions (the /boot partition must remain unencrypted, otherwise the system cannot boot). Dm-crypt does not allow the user to change the password, but cryptsetup with LUKS support allows up to seven different passphrases (or keyfiles), all of which can be changed.

Rationale

Full disk encryption is very important for preventing so-called off-line attacks, for instance if you lose your laptop or it is stolen. If your data is encrypted, it remains protected in case of loss.

Full disk encryption is quite hard to set up in Ubuntu. The procedure is described here for Feisty, and the same procedure works in Gutsy: https://help.ubuntu.com/community/EncryptedFilesystemHowto8

However, for encrypted partitions it is quite important to be able to change your password, or to have multiple passwords (for multiple users) that can be removed. "Traditional" dm-crypt does not allow this, but LUKS (Linux Unified Key Setup) does exactly that. LUKS is implemented in newer versions of the cryptsetup package.

So it would be nice to implement cryptsetup with LUKS support in Ubiquity.

Scope and Use Cases

  1. The user should have an option, for every partition on the system (root, /home, swap, etc.), to select whether that partition is encrypted.
  2. If the user enables encryption, there should be an option to choose between a passphrase, a keyfile or a random key (for swap). The user should also select the "strength" of encryption (key size).
  3. The system should then create the encrypted partitions and the initrd scripts (run update-initramfs -u) automatically.
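
The three steps above, sketched as a dry-run plan generator. This is an added example, not Ubiquity code or part of the original specification; the device paths, mapping names, keyfile path and swap cipher string are assumptions, and the script only prints commands and crypttab lines without running anything.

```shell
#!/bin/sh
# Added illustration: only prints a plan, nothing is executed.
# Devices, mapping names and the keyfile path are constructed samples.

# The summary requires /boot to stay unencrypted so the system can boot.
check_mountpoint() {
    [ "$1" != /boot ] || { echo "/boot must remain unencrypted" >&2; return 1; }
}

# format_command DEVICE MODE KEYSIZE [KEYFILE]; MODE is passphrase|keyfile|random
format_command() {
    dev=$1 mode=$2 bits=$3 keyfile=${4:-}
    case $mode in
        passphrase) printf 'cryptsetup luksFormat --key-size %s %s\n' "$bits" "$dev" ;;
        keyfile) printf 'cryptsetup luksFormat --key-size %s --key-file %s %s\n' \
                     "$bits" "$keyfile" "$dev" ;;
        random) printf '# %s: no LUKS header, keyed from /dev/urandom at each boot\n' "$dev" ;;
        *) echo "unknown key mode: $mode" >&2; return 1 ;;
    esac
}

# crypttab_entry NAME DEVICE MODE KEYSIZE [KEYFILE]
crypttab_entry() {
    name=$1 dev=$2 mode=$3 bits=$4 keyfile=${5:-}
    case $mode in
        passphrase) printf '%s %s none luks\n' "$name" "$dev" ;;
        keyfile)
            [ -n "$keyfile" ] || { echo "keyfile mode needs a path" >&2; return 1; }
            printf '%s %s %s luks\n' "$name" "$dev" "$keyfile" ;;
        random)  # plain dm-crypt swap; the cipher string is an assumed choice
            printf '%s %s /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=%s\n' \
                   "$name" "$dev" "$bits" ;;
        *) echo "unknown key mode: $mode" >&2; return 1 ;;
    esac
}

# Constructed layout: root by passphrase, /home by keyfile, swap by random key.
print_plan() {
    for mp in / /home; do check_mountpoint "$mp" || return 1; done
    format_command /dev/sda2 passphrase 256
    format_command /dev/sda3 keyfile 256 /etc/keys/home.key
    format_command /dev/sda4 random 256
    echo '# /etc/crypttab'
    crypttab_entry root_crypt /dev/sda2 passphrase 256
    crypttab_entry home_crypt /dev/sda3 keyfile 256 /etc/keys/home.key
    crypttab_entry swap_crypt /dev/sda4 random 256
    echo 'update-initramfs -u'
}

print_plan
```

The random-key swap entry has no LUKS header and is re-keyed on every boot, so it has no passphrase to change and its contents are unrecoverable after shutdown.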

Requirements

  • Cryptsetup with LUKS support should be implemented in Ubiquity
  • The installer should display a simple "tick" (checkbox) to enable encryption
  • Creation of an encrypted Ubuntu installation should be automatic

Guidelines for implementation

https://help.ubuntu.com/community/EncryptedFilesystemHowto8


CategorySpec

UbiquityLUKSsupport (last edited 2011-10-07 16:27:38 by 74-38-113-112)