Ubiquity installer allows encrypting home folder even if /home is already on a LUKS-encrypted partition

Bug #1307003 reported by ejik on 2014-04-12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
elementary OS
ubiquity (Ubuntu)

Bug Description

Ubiquity installer shows an "Encrypt my home folder" checkbox that activates eCryptFS even if /home is already on a LUKS-encrypted partition, and it is unchecked by default. This is confusing and often results in the superfluous ecryptfs-over-LUKS setup for people opting for encryption. Instead, the checkbox should be checked and made insensitive when /home is on a LUKS-encrypted partition.
Alternatively, showing a warning when trying to enable eCryptFS over LUKS is also an option.

Fabrizio Ferrai (fferrai) wrote :

They are actually different things: LUKS is unlocked at boot, while eCryptFS is unlocked at login. In this way, the encrypted home folder is not accessible even from the root account if the user isn't logged in.
But I agree, it may be confusing.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubiquity (Ubuntu):
status: New → Confirmed

This is still the state of affairs as of Yakkety (ubiquity 16.10.4); also confirmed for Xenial (ubiquity and Trusty (ubiquity

IMHO Fabrizio makes a convincing case of why this is useful functionality in some cases.

I agree with both ejik and Fabrizio that the way the installer currently works can be confusing though. I’d suggest that, when a user selects home folder encryption having previously selected LUKS encryption for the partition /home is on, an alert window be popped to remind the user that the partition their home folder is on is already encrypted, and what the use case of using eCryptFS over LUKS is.
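
The check that the proposed warning depends on, as an added example that is not part of the original thread and is not ubiquity's code: it walks the device tree in the format printed by `lsblk --json -o NAME,TYPE,MOUNTPOINT` and reports whether the filesystem holding /home sits on a dm-crypt layer. The function names and the sample device tree are constructed for illustration.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output:
# sda1 is /boot, sda2 is a LUKS container holding LVM with / and /home.
SAMPLE_LSBLK = json.loads("""
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "sda2_crypt", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg-home", "type": "lvm", "mountpoint": "/home"}
      ]}
    ]}
  ]},
  {"name": "sdb", "type": "disk", "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "mountpoint": "/srv"}
  ]}
]}
""")

def mount_layers(tree):
    """Map each mount point to the device types stacked beneath it."""
    found = {}
    def walk(node, types):
        types = types + [node["type"]]
        if node.get("mountpoint"):
            found[node["mountpoint"]] = types
        for child in node.get("children", []):
            walk(child, types)
    for dev in tree["blockdevices"]:
        walk(dev, [])
    return found

def backing_mount(path, mounts):
    """Longest mount point that is a prefix of path (the filesystem holding it)."""
    candidates = [m for m in mounts
                  if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(candidates, key=len) if candidates else None

def home_on_dmcrypt(tree, home="/home"):
    """True if the filesystem holding `home` sits on a dm-crypt (e.g. LUKS) layer."""
    mounts = mount_layers(tree)
    mount = backing_mount(home, mounts)
    return mount is not None and "crypt" in mounts[mount]

def should_warn(tree, ecryptfs_selected):
    """Installer-side decision: warn only for eCryptFS stacked on dm-crypt."""
    return ecryptfs_selected and home_on_dmcrypt(tree)
```

When /home has no partition of its own, the lookup falls back to the filesystem mounted at /, so a fully encrypted root is detected as well.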
