Ubiquity needs support for fscrypt

Bug #1842417 reported by Redsandro
This bug affects 31 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ubiquity (Ubuntu) | Confirmed | Wishlist | Unassigned | |

Bug Description

Home encryption using ecryptfs was removed in Ubuntu 18.04 for reasons. Full disk encryption was recommended as an alternative, and set as the one-size-fits-all solution in ubiquity.

Not everyone agrees that encrypting the entire disk is the best alternative. Some prefer a more lightweight solution. Others have families and like to share a laptop, perhaps even with an unprivileged password-less guest account, and family members want to encrypt their home with a personal password.

Can we re-introduce (an option to choose) home encryption using fscrypt? Not only was this suggested (prematurely) by the Ubuntu 18.04 release notes, it's also feature-complete now with v2 kernel encryption policy patches merged in kernel 5.4, which is the default kernel on Ubuntu 20.04 LTS.

Setup
-----

Steps that would need to be scripted in ubiquity are as simple as:

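```
# Install the fscrypt tool and its PAM module (unlocks at login)
apt install fscrypt libpam-fscrypt
# Create the global configuration
fscrypt setup
# Prepare the root filesystem for fscrypt metadata
fscrypt setup /
fscrypt setup /home ## only if home is on a separate partition
# Encrypt the user's home directory
fscrypt encrypt "/home/$USERNAME"
```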

For the rest you can probably re-use the ubiquity widgets and detection code from the ecryptfs days.

Keep in mind that the fscrypt packages on the Ubuntu repositories are outdated. See: https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/1882993

Resources
---------

Fscrypt ext4 native encryption documented on Kernel.org
https://www.kernel.org/doc/html/v5.4/filesystems/fscrypt.html

Build instructions
https://github.com/ebiggers/fscrypt#fscrypt-

Fscrypt on Arch Linux
https://wiki.archlinux.org/index.php/Fscrypt
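
A dry-run sketch of how an installer could gate and sequence the setup steps listed in the description, added here as an example and not taken from ubiquity or fscrypt. The function names and the sample mount table are constructed; the script only prints the commands and generalizes the `/home` case to whichever mount point holds the user's home.

```shell
#!/bin/sh
# Added example: dry-run planner for the setup steps in the description.
# Function names and the sample mount table are constructed for illustration.

# Succeed if a `uname -r` style release is >= 5.4 (v2 encryption policies).
kernel_supports_v2() {
    kmajor=${1%%.*}
    krest=${1#*.}
    kminor=${krest%%[!0-9]*}
    [ "$kmajor" -gt 5 ] || { [ "$kmajor" -eq 5 ] && [ "${kminor:-0}" -ge 4 ]; }
}

# Print "mountpoint fstype" of the longest mount point containing path $1,
# reading a /proc/mounts-format file $2.
mount_for() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) > best) { best = length($2); out = $2 " " $3 }
        }
        END { print out }' "$2"
}

# plan_fscrypt USER KERNEL_RELEASE MOUNTS_FILE: print the commands in order,
# or fail with a reason on stderr. Nothing is executed.
plan_fscrypt() {
    kernel_supports_v2 "$2" || { echo "kernel $2 predates v2 policies" >&2; return 1; }
    read -r home_mp home_fs <<EOF
$(mount_for "/home/$1" "$3")
EOF
    case $home_fs in
        ext4|f2fs|ubifs) ;;  # filesystems covered by the kernel 5.4 fscrypt doc
        *) echo "no fscrypt support on '$home_fs' ($home_mp)" >&2; return 1 ;;
    esac
    echo "apt install fscrypt libpam-fscrypt"
    echo "fscrypt setup"
    echo "fscrypt setup /"
    # Per-filesystem setup is repeated only when home is on its own mount.
    [ "$home_mp" = "/" ] || echo "fscrypt setup $home_mp"
    echo "fscrypt encrypt /home/$1"
}

# Constructed sample: /home on a separate ext4 partition.
sample_mounts() {
    printf '%s\n' '/dev/sda2 / ext4 rw,relatime 0 0' \
                  '/dev/sda3 /home ext4 rw,relatime 0 0'
}

tmp=$(mktemp) && sample_mounts > "$tmp" && plan_fscrypt alice 5.4.0-42-generic "$tmp"
rm -f "$tmp"
```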

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubiquity (Ubuntu):
status: New → Confirmed
Tim Ritberg (xpert-reactos) wrote :

Yes, please. Good idea.

Redsandro (redsandro) wrote :
description: updated
summary: - Consider reintroducing home encryption using fscrypt
+ Ubiquity needs support for fscrypt
wysiwyg31 (wysiwyg31) wrote :

I think some problem has to be considered: as far as I understood, the folder /.fscrypt shall not be deleted (risk to lose access to your data?)
If yes, it's a bit risky in case you re-install the system on / with a separate encrypted /home that you want to keep.

I also would like to add another issue of full disk encryption: it needs a password to be entered at boot on the machine... it cannot be done remotely.
So if you need a remote connection to a powered-off device (with wake on LAN) or a rebooted device (for example due to power interruption), it's not possible.

Redsandro (redsandro) wrote :

> I think some problem has to be considered: as far as I understood, the folder /.fscrypt shall not be deleted (risk to lose access to your data?)
> If yes, it's a bit risky in case you re-install the system on / with a separate encrypted /home that you want to keep.

When you set up your encrypted home using the fscrypt tool and it detects that /home is not the same as /, it will offer to create a recovery protector. This creates a file in your home called fscrypt-recovery-passphrase.txt (or something like that) that needs to be written down (similar to ecryptfs). This protector is stored on /home/.fscrypt.

This means you can unlock the directory on a different (or new) system, and once unlocked, you can create a new login protector.

I assume ubiquity can be scripted to detect that a pre-existing user home was encrypted using fscrypt, query for the recovery protector passphrase, unlock the directory, and add a login protector.

> I also would like to add another issue of full disk encryption: it needs a password to be entered at boot on the machine.

I hadn't even thought about that because I never use full disk encryption. Some will argue that this is the point as it is more secure, but I would argue that you should have the choice to use your computer in a more versatile manner while still being able to protect your personal files from raw disk reading with a bootable USB stick. Options could be presented:

Encryption options:

* Full Disk Encryption - (Recommended) Best security. Suitable for single user hardware.
* Home Encryption - Good security. Suitable for shared family computers and WoL.
* No Encryption - No security. Good for guests and internet cafes.

Redsandro (redsandro) wrote :

Note that the above was added in fscrypt 0.2.6 (January 2020), and it is described here:
https://github.com/google/fscrypt/pull/167

Ubuntu still packages 0.2.5 (September 2019).

Changed in ubiquity (Ubuntu):
importance: Undecided → Wishlist
Thiago Martins (martinx) wrote :

I do want home-based encryption but, what about the new `systemd-homed`?

Redsandro (redsandro) wrote :

That's a "no" on Ubuntu 22.10?
