sandbox
Differences between revisions 2 and 59 (spanning 57 versions)
|
Size: 3138
Comment:
|
Size: 1168
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| <<Include(WikiGuide/Toolkit/MenuBar)>> | #language en #pragma section-numbers on #title Manual Full System Encryption (with Extras) |
| Line 3: | Line 5: |
| = Full disk manual encryption = | ||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents(2)>>|| |
| Line 5: | Line 7: |
| ||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents>>|| | |
| Line 7: | Line 8: |
| == Background == | = Sandbox = |
| Line 9: | Line 10: |
| === Default installation options === | |
| Line 11: | Line 11: |
| The Ubuntu Installer provides two encryption options upon installation. | A sandbox for Paddy Landau to develop documentation. |
| Line 13: | Line 13: |
| 1. Encrypted home folder. This protects only your personal data, not the programs or anything else (although swap is encrypted). 1. Full-disk encryption, which protects everything, including the surreptitious installation of malware. |
|
| Line 16: | Line 14: |
| Unfortunately, both of these options have important problems. | = Other pages = |
| Line 18: | Line 16: |
| 1. Encrypted home folder * Leaves the system open to anyone with physical access to install a keylogger or any other malware. * Hibernation isn't enabled. * Temporary files are stored by default on unencrypted `/tmp`, which is unencrypted, and can leave exposed data. 1. Full-disk encryption * You cannot dual-boot with another system, and your entire disk is wiped. So, if you have Windows, well, goodbye Windows! * Boot is unencrypted, leaving an open vector for malware. * It doesn't support manual partitioning; * or hibernation; * or dual-booting; * or multi-disk installation (e.g. SSD for the system and hard drive for Home). |
|
| Line 30: | Line 17: |
| === The manual system === | Other pages by Paddy |
| Line 32: | Line 19: |
| ==== The pros ==== | * [[https://help.ubuntu.com/community/PlayOnLinux|PlayOnLinux]] This is somewhat outdated, but could still be useful for a beginner wanting to use Wine. |
| Line 34: | Line 22: |
| * Full encryption using LUKS; * including Boot * Manual partitioning; * with LVM * Encrypted hibernation * Dual-booting * Multi-disk installation |
* [[https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap|Enable hibernation with encrypted swap]] For older systems that use encrypted folders but nothing else encrypted. |
| Line 42: | Line 25: |
| ==== The cons ==== | * [[https://help.ubuntu.com/community/PostInstallationEncryption|Post-installation encryption]] For older systems that don't have any encryption, how to encrypt your folder. |
| Line 44: | Line 28: |
| There are, unfortunately, some cons. * It is a lengthy process to set up, and a small error can cause failure to boot (which is solvable, but with some difficulty). The installer should provide an automatic option to do this, but sadly it doesn't. * It is a little difficult for newcomers to Ubuntu, so if you're a newcomer: * You'll have to first learn a bit about partitioning and its naming standards in Linux. If you come from a Windows background, you'll also have to learn the difference between a disk and a partition, which Windows unhelpfully obscures. * You'll need to learn how to use the Terminal. It's easy (dead easy), but still. Actually, much if not all of these instructions can be done through GUI applications, but ironically that would be slower, more error-prone, and far more difficult to document. * It doesn't encrypt Windows or other systems. * Note: Encrypted Windows is in fact possible if you have sufficient RAM, a powerful-enough machine, and are willing to run it in a virtual machine. I contacted Microsoft, and the advisor told me that you can do this with the computer's existing Windows license, as long as the virtual machine stays on the computer to which Windows is licensed.) ==== Retrofitting encryption onto an existing system ==== You can retro-fit encryption onto an already-installed system, but these instructions do not cover how to do this. You will probably find it significantly easier to do a full backup, install Ubuntu afresh as described here, and restore your data. == Why use encryption? == |
* [[https://help.ubuntu.com/community/ManualFullSystemEncryption|Manual full-system encryption]] For newer systems (starting with Ubuntu 16.04), how to install Ubuntu fully encrypted, while optionally being able to dual-boot with other systems, say Windows. |
Contents |
1. Sandbox
A sandbox for Paddy Landau to develop documentation.
2. Other pages
Other pages by Paddy
- This is somewhat outdated, but could still be useful for a beginner wanting to use Wine.
Enable hibernation with encrypted swap
- For older systems that use encrypted folders but nothing else encrypted.
- For older systems that don't have any encryption, how to encrypt your folder.
- For newer systems (starting with Ubuntu 16.04), how to install Ubuntu fully encrypted, while optionally being able to dual-boot with other systems, say Windows.
paddy-landau/sandbox (last edited 2017-04-04 18:58:46 by paddy-landau)