sandbox

Differences between revisions 3 and 28 (spanning 25 versions)
Revision 3 as of 2017-03-13 18:24:05
Size: 5063
Editor: paddy-landau
Comment:
Revision 28 as of 2017-03-17 09:13:36
Size: 5878
Editor: paddy-landau
Comment:
Line 1: Line 1:
= Full disk manual encryption = #language en
#pragma section-numbers on
#title Full System Encryption with Extras
Line 3: Line 5:
||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents>>|| ||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents(2)>>||
Line 5: Line 7:
== Purpose ==
Line 7: Line 8:
This document is for you if you wish to use '''full-disk encryption''' with all of these features: = Purpose =


This document is for you if you wish to use '''full system encryption''' with all of these features:
Line 10: Line 14:
 * LVM
Line 12: Line 17:
 * LVM
and optionally any of these features:
Line 14: Line 21:
 * dual-booting (optional)
 * multi-disk installation (optional)
 * hybrid suspend
* dual-booting
 * multi-disk installation
Line 17: Line 25:
== Organisation === As LVM is used, you can also use snapshots. This advanced topic is not covered here, but it is mentioned in the partitioning section.
Line 19: Line 27:
Because the default Ubuntu Installer does not support several of the above-mentioned features, the process is rather more complicated than one would like. Thus, this document is organised into several categories.
Line 21: Line 28:
 1. [[/Benefits|Background]], including benefits and downsides (pros and cons), and purpose
 1. The [[/Basics|basics of]] partitioning, LUKS and LVM (for newbies)
 1. A [[/Overview|high-level overview]]
 1. The [[/Process|process]] in detail
= Caveats =
Line 26: Line 30:
== Background ==
Line 28: Line 31:
=== Default installation options === It is important for you to know the possible limitations (described in the [[/Background|Background]]) and the potential problems.
Line 30: Line 33:
The Ubuntu Installer provides two encryption options upon installation.  * Always, when you install a system, there is a chance of '''data loss'''. No matter how careful you are, sometimes a person makes a silly mistake. For example, you accidentally delete the Windows partition. Or, something else can go wrong (I've had an installation cause data loss because a previously-unused part of the hard drive was faulty and caused it to crash). Therefore:
Line 32: Line 35:
 1. Encrypted home folder. This protects only your personal data, not the programs or anything else (although swap is encrypted).
 1. Full-disk encryption, which protects everything, including the surreptitious installation of malware.
{{{#!wiki warning
 Take a '''''full backup''''' of '''''all of your data''''' before you start the process.
}}}
Line 35: Line 39:
Unfortunately, both of these options have important problems.    If you know how to use [[http://clonezilla.org/|CloneZilla]], you would be well advised to back up your entire disk beforehand.
Line 37: Line 41:
 1. Encrypted home folder
  * Leaves the system open to anyone with physical access to install a keylogger or any other malware.
  * Hibernation isn't enabled.
  * Temporary files are stored by default on unencrypted `/tmp`, which is unencrypted, and can leave exposed data.
 1. Full-disk encryption
  * You cannot dual-boot with another system, and your entire disk is wiped. So, if you have Windows, well, goodbye Windows!
  * Boot is unencrypted, leaving an open vector for malware.
  * It doesn't support manual partitioning;
  * or hibernation;
  * or dual-booting;
  * or multi-disk installation (e.g. SSD for the system and hard drive for Home).
 * The process optionally enables '''hibernation'''. While this should work well, some people have reported hardware that doesn't support it. So, you will need to test this on your machine after installation.
Line 49: Line 43:
=== The manual system ===  * A consequence of full system encryption is that you need to type in your passphrase '''each time you power on''' your computer, including after hibernation.
Line 51: Line 45:
==== The pros ====    * An unfortunate and inconvenient quirk is that if you mistype the passphrase, you have to reboot your computer to try again. I do not know a way around this.
Line 53: Line 47:
 * Full encryption using LUKS;
 * including Boot
 * Manual partitioning;
 * with LVM
 * Encrypted hibernation
 * Dual-booting
 * Multi-disk installation
   * If you share your computer with anyone else, '''they need to know the passphrase''', even if they only use Windows.
Line 61: Line 49:
==== The cons ====    * You need a '''strong passphrase''' to prevent a hacker with physical access to your machine from breaking the encryption. You can look up "strong passphrase" for yourself; here's a [[https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/|pretty good method]] for paranoid mode.
Line 63: Line 51:
There are, unfortunately, some cons.  * Having a strong passphrase does not obviate the need for a '''good account password'''. Without a password, or with only a weak password:
   * You cannot lock the computer when it is unattended and powered on.
   * Anyone with physical access, or a hacker with Internet access, will find it easy to access your account and steal data or install malware such as a keylogger.
 Remember that the ''passphrase for your computer'' and the ''password for your account'' are not the same. One lets you access your computer in the first place, whereas the other lets you log in after you have accessed your computer.<<FootNote(In this context, the terms "passphrase" and "password" are interchangeable, but in this document, I use "passphrase" for your computer decryption, and "password" for your account login.)>>
Line 65: Line 56:
 * It is a lengthy process to set up, and a small error can cause failure to boot (which is solvable, but with some difficulty). The installer should provide an automatic option to do this, but sadly it doesn't.
 * It is a little difficult for newcomers to Ubuntu, so if you're a newcomer:
  * You'll have to first learn a bit about partitioning and its naming standards in Linux. If you come from a Windows background, you'll also have to learn the difference between a disk and a partition, which Windows unhelpfully obscures.
  * You'll need to learn how to use the Terminal. It's easy (dead easy), but still. Actually, much if not all of these instructions can be done through GUI applications, but ironically that would be slower, more error-prone, and far more difficult to document.
 * It doesn't encrypt Windows or other systems.
  * Note: Encrypted Windows is in fact possible if you have sufficient RAM, a powerful-enough machine, and are willing to run it in a virtual machine. I contacted Microsoft, and the advisor told me that you can do this with the computer's existing Windows license, as long as the virtual machine stays on the computer to which Windows is licensed.)
 * This process has been tested for a modern computer with EFI. See [[/Basics#EFI|Basics → EFI]] for further information.
Line 72: Line 58:
==== Retrofitting encryption onto an existing system ====  * Encrypting everything is more CPU-intensive. Modern computers tend to have fast multiple CPUs and dedicated AES (encryption) chips, so on a modern computer, this poses no problem at all. You would be likely to notice slower responses only on very old computers.
Line 74: Line 60:
You can retro-fit encryption onto an already-installed system, but these instructions do not cover how to do this. You would anyway probably find it significantly easier to do a full backup, install Ubuntu afresh as described here, and restore your data.  * This process has been test on Ubuntu 16.04 (Xenial Xerus) and partially on Ubuntu 16.10 (Yakkety Yak). It is unlikely to work on previous versions. It will probably will work on later versions, at least for a few years.
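Review bot: two typos in the added Ubuntu-version bullet: "has been test on Ubuntu 16.04" should read "has been tested on Ubuntu 16.04", and "It will probably will work on later versions" repeats "will"; suggest "It will probably work on later versions".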
Line 76: Line 62:
== Why use encryption? ==
Line 78: Line 63:
=== What encryption protects === = Distributions other than Ubuntu =
Line 80: Line 65:
 * If your computer is powered off, no one can access anything on your computer, nor can they install anything. For example, no one can plant keylogging software. This is important if you deal with sensitive customer information, secret government or business plans, and so forth.
 * If your computer is locked and unattended, the only way in is to restart your computer, which will of course leave it fully encrypted. Not even a Live CD can solve this.
Line 83: Line 66:
=== What encryption doesn't protect === This process has not been tested on other Linux versions, but all Ubuntu-based distributions (, e.g. [[http://lubuntu.net/|Lubuntu]] and [[https://linuxmint.com/|Mint]]) are likely to work with this process.
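Review bot: stray comma in the added sentence "(, e.g. [[http://lubuntu.net/|Lubuntu]] and [[https://linuxmint.com/|Mint]])"; drop the comma directly after the opening parenthesis so it reads "(e.g. Lubuntu and Mint)".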
Line 85: Line 68:
 * The NSA sneaking software onto your computer while you are logged in and connected to the Internet.
 * Some nefarious person planting keylogging hardware into your computer.
 * Someone [[https://xkcd.com/538/|beating you over the head]] until you reveal your password.
 * A determined thief freezing your computer while it's on, and then checking the RAM to find your password.
 * You visiting dodgy sites and installing malware.
Line 91: Line 69:
Also note that anyone whom you allow to log on to your computer (even if they are not an administrator) will be able to modify programs and, if you don't use an encrypted home folder, will be able to access your data. = Document Structure =


Because the default Ubuntu Installer supports only the first two of the above-mentioned features (i.e. LUKS and LVM), and even then only for full-disk encryption, this installation process is rather more complicated than you might prefer. Thus, this document is organised into several sections. They are intended to be read in the order given here.

 1. [[/Background|Background]]<<BR>>A summary of the options; features; benefits and downsides; and purpose and limitations.<<BR>>
 It contains important notes and further caveats, so please read the Background before proceeding.

 1. [[/Basics|Basics of]]…
    * Hybrid suspend
    * Command line interface (CLI), aka the terminal
    * EFI (aka UEFI)
    * Partitioning…
    * … including naming of partitions and file systems
    * LUKS
    * LVM
    * Text files, including how to edit them

 If you are new to Linux, or you don't know much about some or all of these features, this section is for you. You can safely skip the Basics if you are already familiar with all of these concepts.<<BR>>

 1. [[/Overview|High-level overview]]<<BR>>What this process will achieve, and what you need to do to prepare. It includes freeing space on your hard drive if your current system has taken it all.

 1. [[/Process|Detailed process]]<<BR>>Exactly how to prepare your system and install Ubuntu with encryption. Checkpoints are given along the way. It takes into account dual-booting and, optionally, paranoid mode.

 1. [[/Troubleshooting|Troubleshooting]]<<BR>>Sometimes something goes wrong and you struggle to figure out what. Errors and their messages can seem bewildering. Here are some pointers.

----
----------

1. Purpose

This document is for you if you wish to use full system encryption with all of these features:

  • LUKS
  • LVM
  • encrypted Boot
  • manual partitioning

and optionally any of these features:

  • encrypted hibernation
  • hybrid suspend
  • dual-booting
  • multi-disk installation

As LVM is used, you can also use snapshots. This advanced topic is not covered here, but it is mentioned in the partitioning section.

2. Caveats

It is important for you to know the possible limitations (described in the Background) and the potential problems.

  • Always, when you install a system, there is a chance of data loss. No matter how careful you are, sometimes a person makes a silly mistake. For example, you accidentally delete the Windows partition. Or, something else can go wrong (I've had an installation cause data loss because a previously-unused part of the hard drive was faulty and caused it to crash). Therefore:

  • Take a full backup of all of your data before you start the process.

  • If you know how to use CloneZilla (http://clonezilla.org/), you would be well advised to back up your entire disk beforehand.

  • The process optionally enables hibernation. While this should work well, some people have reported hardware that doesn't support it. So, you will need to test this on your machine after installation.

  • A consequence of full system encryption is that you need to type in your passphrase each time you power on your computer, including after hibernation.

    • An unfortunate and inconvenient quirk is that if you mistype the passphrase, you have to reboot your computer to try again. I do not know a way around this.
    • If you share your computer with anyone else, they need to know the passphrase, even if they only use Windows.

    • You need a strong passphrase to prevent a hacker with physical access to your machine from breaking the encryption. You can look up "strong passphrase" for yourself; here's a pretty good method (https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/) for paranoid mode.

  • Having a strong passphrase does not obviate the need for a good account password. Without a password, or with only a weak password:

    • You cannot lock the computer when it is unattended and powered on.
    • Anyone with physical access, or a hacker with Internet access, will find it easy to access your account and steal data or install malware such as a keylogger.

    Remember that the passphrase for your computer and the password for your account are not the same. One lets you access your computer in the first place, whereas the other lets you log in after you have accessed your computer.[1]

  • This process has been tested for a modern computer with EFI. See Basics → EFI for further information.

  • Encrypting everything is more CPU-intensive. Modern computers tend to have fast multiple CPUs and dedicated AES (encryption) chips, so on a modern computer, this poses no problem at all. You would be likely to notice slower responses only on very old computers.
  • This process has been tested on Ubuntu 16.04 (Xenial Xerus) and partially on Ubuntu 16.10 (Yakkety Yak). It is unlikely to work on previous versions. It will probably work on later versions, at least for a few years.
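To make the "strong passphrase" caveat above measurable, here is an added example (not part of the wiki page) that builds a Diceware-style passphrase with a CSPRNG, as in the linked Intercept method, and estimates its entropy and brute-force cost. The toy word list and the attacker's guess rate are constructed assumptions; LUKS's key derivation deliberately slows each guess, and the page gives no figure, so treat the rate as a parameter you choose.

```python
"""Passphrase strength for full system encryption (added example)."""
import math
import secrets

# Constructed toy word list for demonstration only; a real Diceware
# list has 6**5 = 7776 words (five dice rolls select one word).
TOY_WORDLIST = ["anchor", "basil", "cobalt", "delta",
                "ember", "falcon", "garnet", "harbor"]
DICEWARE_SIZE = 6 ** 5  # 7776


def generate_passphrase(words, count, pick=secrets.choice):
    """Join `count` words chosen uniformly with a CSPRNG (secrets)."""
    if count < 1 or not words:
        raise ValueError("need at least one word and a non-empty list")
    return " ".join(pick(words) for _ in range(count))


def entropy_bits(list_size, count):
    """Entropy of `count` independent picks from `list_size` words."""
    return count * math.log2(list_size)


def expected_crack_years(bits, guesses_per_second):
    """Expected brute-force time: on average half the keyspace is tried."""
    seconds = (2.0 ** bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def strength_report(list_size, count, guesses_per_second):
    """Summarise how a word count translates into attacker effort."""
    bits = entropy_bits(list_size, count)
    return {"words": count, "bits": round(bits, 1),
            "years": expected_crack_years(bits, guesses_per_second)}


if __name__ == "__main__":
    # Assumed attacker rate: one thousand LUKS unlock attempts per second.
    RATE = 1e3
    for n in (4, 6, 8):
        print(strength_report(DICEWARE_SIZE, n, RATE))
    print(generate_passphrase(TOY_WORDLIST, 4))  # toy list: 3 bits per word
```

Each extra Diceware word adds about 12.9 bits, so six words (roughly 77.5 bits) is the usual "paranoid mode" floor; the toy list yields only 3 bits per word and is there just to show the arithmetic.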

3. Distributions other than Ubuntu

This process has not been tested on other Linux versions, but all Ubuntu-based distributions (e.g. Lubuntu and Mint) are likely to work with this process.

4. Document Structure

Because the default Ubuntu Installer supports only the first two of the above-mentioned features (i.e. LUKS and LVM), and even then only for full-disk encryption, this installation process is rather more complicated than you might prefer. Thus, this document is organised into several sections. They are intended to be read in the order given here.

  1. Background
    A summary of the options; features; benefits and downsides; and purpose and limitations.
    It contains important notes and further caveats, so please read the Background before proceeding.

  2. Basics of…

    • Hybrid suspend
    • Command line interface (CLI), aka the terminal
    • EFI (aka UEFI)
    • Partitioning…
    • … including naming of partitions and file systems
    • LUKS
    • LVM
    • Text files, including how to edit them

    If you are new to Linux, or you don't know much about some or all of these features, this section is for you. You can safely skip the Basics if you are already familiar with all of these concepts.

  3. High-level overview
    What this process will achieve, and what you need to do to prepare. It includes freeing space on your hard drive if your current system has taken it all.

  4. Detailed process
    Exactly how to prepare your system and install Ubuntu with encryption. Checkpoints are given along the way. It takes into account dual-booting and, optionally, paranoid mode.

  5. Troubleshooting
    Sometimes something goes wrong and you struggle to figure out what. Errors and their messages can seem bewildering. Here are some pointers.



[1] In this context, the terms "passphrase" and "password" are interchangeable, but in this document, I use "passphrase" for your computer decryption, and "password" for your account login.

paddy-landau/sandbox (last edited 2017-04-04 18:58:46 by paddy-landau)