FDE should optionally include extra partitions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
Ubuntu Core can be installed with FDE [ Full Disk Encryption ], as per this overview: https:/
It is also possible to add extra disk partitions to the disk layout, configured in gadget.conf, as per the details here: https:/
The term FDE implies that all areas of the disk which can be encrypted are encrypted [ excluding areas which are not practical to encrypt in any sensible way, for instance areas containing early boot executable ]. If you add extra partitions to the disk layout and the system is installed in FDE mode, the extra partitions are not encrypted, but technically could be.
In the case that systems are installed in FDE mode, any extra partitions without a system role should be optionally encrypted too.
The use case for extra partitions could be quite varied, but in our case we want to store some data in a place separate to the primary system-data volume, but as this data may be sensitive we would still like this data to be encrypted.
Please let me know if you want to know anything more about our use case and scenario.
Cheers,
Just
Changed in snappy: | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
affects: | snappy → snapd |