full-disk encryption should hide/de-emphasize encrypted homedirs

Bug #1055797 reported by Steve Langasek on 2012-09-24
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)
Low
Mathieu Trudel-Lapierre

Bug Description

A customer has noted that in the quantal installer, if you choose full-disk encryption with LUKS you are then *also* offered the option to enable homedir encryption with ecryptfs. The latter option should probably be de-emphasized when LUKS has been chosen.

Steve Langasek (vorlon) wrote :

Dmitrijs, this isn't critical to fix for quantal, but as you're hip-deep in the relevant code I thought I'd bring this to your attention in case you think it's an easy fix.

Changed in ubiquity (Ubuntu):
assignee: nobody → Dmitrijs Ledkovs (xnox)
importance: Undecided → Low
status: New → Triaged
Dimitri John Ledkov (xnox) wrote :

I will talk with mpt about this one.

My argument is that ecryptfs still has its use-cases even with the full disk encryption enabled, e.g. in multi-user/mutli-admin environment.

On the other hand, I do agree that ecryptfs is easy to enable/disable post-install and that full-disk encryption covers more encryption/privacy use cases.

tags: added: needs-design
Mark Russell (marrusl) wrote :

It's deselected by default; maybe a warning could appear if you select it: "You have already selected full disk encryption. Are you sure you want to also encrypt home directories?"

I agree there's a potential use case. But it must be pretty rare. FDE seems to be more often enforced on laptops, which aren't usually multi-user. You could hide it and allow for preseeding or warn?

Thanks.

Changed in ubiquity (Ubuntu):
assignee: Dimitri John Ledkov (xnox) → Mathieu Trudel-Lapierre (mathieu-tl)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers