For more security: Overwrite empty disk space option is ignored

Bug #1602155 reported by N. W. on 2016-07-12
264
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)
High
Unassigned

Bug Description

Hi,

as far as I understand, the "Encrypt the new Ubuntu installation for security" option in the Ubuntu installer is meant to provide full disk encryption.

However, when using that option, it seems like as if the encryption would finish instantly, it literally does not seem to take any time at all.

When using BitLocker on Windows to encrypt the entire disk, it can take hours to fully encrypt the disk, even on SSDs. With BitLocker and other encryption tools like DiskCryptor or TrueCrypt for example, there's also a progress indicator, which shows how much of the disk is encrypted already.

Why is that not the case with the "Encrypt the new Ubuntu installation for security" option in the Ubuntu installer?

Even on my 1 TB SSD the encryption seems to be set up instantly and there's no progress indicator whatsoever.

How's that possible?

Someone on the forum said:

> http://ubuntuforums.org/showthread.php?t=2330425&p=13516293#post13516293
>
> Data doesn't become encrypted until written

But if that would be true, then the "Encrypt the new Ubuntu installation for security" option in the installer is not full disk encryption at all.

If he is correct, then it does not encrypt the entire disk then. It only encrypts used disk space. The empty space is not encrypted then.

At least with BitLocker you have the option to choose between encrypting used disk space only or encrypting the entire disk, see following screenshot for example:

https://i-technet.sec.s-msft.com/en-us/windows/jj983729.bitlocker-screen(en-us,MSDN.10).jpg

On the forum it was also mentioned that:

> http://ubuntuforums.org/showthread.php?t=2330425&p=13516293#post13516293
>
> If you want to randomly initialize the storage areas PRIOR to writing anything,
> that will take some. I seem to recall it being an optional checkbox for the installation.

And, indeed, there is a "For more security: Overwrite empty disk space (The installation might take much longer.)" option on the next screen after the screen which has the "Encrypt the new Ubuntu installation for security" option.

Now, the question is: If that option is checked, does it just overwrite the empty disk space? Or does it also encrypt it?

I was assuming that it only overwrites it with zeros before encrypting it. I was assuming that the entire disk would be encrypted anyway using the Encrypt the new Ubuntu installation for security" option, regardless of the "For more security: Overwrite empty disk space (The installation might take much longer.)" option.

Regards

N. W. (nw9165-3201) on 2016-07-12
information type: Public → Public Security
description: updated
Phillip Susi (psusi) wrote :

There is no data on the drive yet, so there isn't a lot of work to be done. All it has to do is configure the system to encrypt everything that gets written to the disk from now on.

Changed in ubiquity (Ubuntu):
status: New → Invalid
Seth Arnold (seth-arnold) wrote :

If we have a button or text somewhere that says "For more security: Overwrite empty disk space (The installation might take much longer.)" then it _really_ should overwrite the empty space with random data before encrypting or with zeros after encrypting, so that there's plausible "the whole disk was overwritten with random data to decommission it".

Do we have such text?
Do we not overwrite the blank space?

Thanks

Changed in ubiquity (Ubuntu):
status: Invalid → Incomplete
SamInside (sam-inside-89) wrote :

The option "For more security: Overwrite empty disk space (The installation might take much longer.)" is completely ignored.
Pleas OP edit the first post to make clear that this is the very bug.
In fact, if not for this option checked, Ubiquity behaviour would be correct. But it isn't, because it is ignoring the hard drive wipe that the user explicitly requested by checking that option.

Changed in ubiquity (Ubuntu):
status: Incomplete → Confirmed
Phillip Susi (psusi) on 2016-10-04
summary: - "Encrypt the new Ubuntu installation for security" option does not seem
- to provide proper full disk encryption?
+ For more security: Overwrite empty disk space option is ignored
Changed in ubiquity (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers