sandbox
Differences between revisions 3 and 61 (spanning 58 versions)
|
Size: 5063
Comment:
|
← Revision 61 as of 2017-04-04 18:58:46 ⇥
Size: 1182
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = Full disk manual encryption = | #language en #pragma section-numbers on #title Manual Full System Encryption (with Extras) |
| Line 3: | Line 5: |
| ||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents>>|| | ||<tablestyle="float:right; font-size: 0.9em; width:40%; background:#F1F1ED; margin: 0 0 1em 1em;" style="padding:0.5em;"><<TableOfContents(2)>>|| |
| Line 5: | Line 7: |
| == Purpose == | |
| Line 7: | Line 8: |
| This document is for you if you wish to use '''full-disk encryption''' with all of these features: | = Sandbox = |
| Line 9: | Line 10: |
| * LUKS * encrypted Boot * manual partitioning * LVM * encrypted hibernation * dual-booting (optional) * multi-disk installation (optional) |
|
| Line 17: | Line 11: |
| == Organisation === | A sandbox for Paddy Landau to develop documentation. |
| Line 19: | Line 13: |
| Because the default Ubuntu Installer does not support several of the above-mentioned features, the process is rather more complicated than one would like. Thus, this document is organised into several categories. | |
| Line 21: | Line 14: |
| 1. [[/Benefits|Background]], including benefits and downsides (pros and cons), and purpose 1. The [[/Basics|basics of]] partitioning, LUKS and LVM (for newbies) 1. A [[/Overview|high-level overview]] 1. The [[/Process|process]] in detail |
= Other pages = |
| Line 26: | Line 16: |
| == Background == | |
| Line 28: | Line 17: |
| === Default installation options === | Other pages by Paddy |
| Line 30: | Line 19: |
| The Ubuntu Installer provides two encryption options upon installation. | * [[https://help.ubuntu.com/community/PlayOnLinux|PlayOnLinux]] This is somewhat outdated, but could still be useful for a beginner wanting to use Wine. |
| Line 32: | Line 22: |
| 1. Encrypted home folder. This protects only your personal data, not the programs or anything else (although swap is encrypted). 1. Full-disk encryption, which protects everything, including the surreptitious installation of malware. |
* [[https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap|Enable hibernation with encrypted swap]] For older systems that use encrypted folders but nothing else encrypted. |
| Line 35: | Line 25: |
| Unfortunately, both of these options have important problems. | * [[https://help.ubuntu.com/community/PostInstallationEncryption|Post-installation encryption]] For older systems that don't have any encryption, this shows how to encrypt your folder. |
| Line 37: | Line 28: |
| 1. Encrypted home folder * Leaves the system open to anyone with physical access to install a keylogger or any other malware. * Hibernation isn't enabled. * Temporary files are stored by default on unencrypted `/tmp`, which is unencrypted, and can leave exposed data. 1. Full-disk encryption * You cannot dual-boot with another system, and your entire disk is wiped. So, if you have Windows, well, goodbye Windows! * Boot is unencrypted, leaving an open vector for malware. * It doesn't support manual partitioning; * or hibernation; * or dual-booting; * or multi-disk installation (e.g. SSD for the system and hard drive for Home). === The manual system === ==== The pros ==== * Full encryption using LUKS; * including Boot * Manual partitioning; * with LVM * Encrypted hibernation * Dual-booting * Multi-disk installation ==== The cons ==== There are, unfortunately, some cons. * It is a lengthy process to set up, and a small error can cause failure to boot (which is solvable, but with some difficulty). The installer should provide an automatic option to do this, but sadly it doesn't. * It is a little difficult for newcomers to Ubuntu, so if you're a newcomer: * You'll have to first learn a bit about partitioning and its naming standards in Linux. If you come from a Windows background, you'll also have to learn the difference between a disk and a partition, which Windows unhelpfully obscures. * You'll need to learn how to use the Terminal. It's easy (dead easy), but still. Actually, much if not all of these instructions can be done through GUI applications, but ironically that would be slower, more error-prone, and far more difficult to document. * It doesn't encrypt Windows or other systems. * Note: Encrypted Windows is in fact possible if you have sufficient RAM, a powerful-enough machine, and are willing to run it in a virtual machine. I contacted Microsoft, and the advisor told me that you can do this with the computer's existing Windows license, as long as the virtual machine stays on the computer to which Windows is licensed.) ==== Retrofitting encryption onto an existing system ==== You can retro-fit encryption onto an already-installed system, but these instructions do not cover how to do this. You would anyway probably find it significantly easier to do a full backup, install Ubuntu afresh as described here, and restore your data. == Why use encryption? == === What encryption protects === * If your computer is powered off, no one can access anything on your computer, nor can they install anything. For example, no one can plant keylogging software. This is important if you deal with sensitive customer information, secret government or business plans, and so forth. * If your computer is locked and unattended, the only way in is to restart your computer, which will of course leave it fully encrypted. Not even a Live CD can solve this. === What encryption doesn't protect === * The NSA sneaking software onto your computer while you are logged in and connected to the Internet. * Some nefarious person planting keylogging hardware into your computer. * Someone [[https://xkcd.com/538/|beating you over the head]] until you reveal your password. * A determined thief freezing your computer while it's on, and then checking the RAM to find your password. * You visiting dodgy sites and installing malware. Also note that anyone whom you allow to log on to your computer (even if they are not an administrator) will be able to modify programs and, if you don't use an encrypted home folder, will be able to access your data. |
* [[https://help.ubuntu.com/community/ManualFullSystemEncryption|Manual full-system encryption]] For newer systems (starting with Ubuntu 16.04), how to install Ubuntu fully encrypted, while optionally being able to dual-boot with other systems such as Windows. |
Contents |
1. Sandbox
A sandbox for Paddy Landau to develop documentation.
2. Other pages
Other pages by Paddy
- This is somewhat outdated, but could still be useful for a beginner wanting to use Wine.
Enable hibernation with encrypted swap
- For older systems that use encrypted folders but nothing else encrypted.
- For older systems that don't have any encryption, this shows how to encrypt your folder.
- For newer systems (starting with Ubuntu 16.04), how to install Ubuntu fully encrypted, while optionally being able to dual-boot with other systems such as Windows.
paddy-landau/sandbox (last edited 2017-04-04 18:58:46 by paddy-landau)