| 2018-05-25 21:18:28 |
Paddy Landau |
bug |
|
|
added bug |
| 2018-05-26 13:07:43 |
Paddy Landau |
summary |
Full-system encryption needs to be supported out-of-the-box |
Full-system encryption needs to be supported out-of-the-box including /boot |
|
| 2018-05-26 13:31:02 |
Paddy Landau |
summary |
Full-system encryption needs to be supported out-of-the-box including /boot |
Full-system encryption needs to be supported out-of-the-box including /boot and should not delete other installed systems |
|
| 2018-05-26 13:31:48 |
Paddy Landau |
description |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
Using LUKS and LVM, it is already possible...
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer. |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
Using LUKS and LVM, it is already possible...
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer. |
|
| 2018-06-14 14:54:28 |
Phillip Susi |
ubiquity (Ubuntu): status |
New |
Incomplete |
|
| 2018-07-02 17:28:20 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
| 2018-07-31 09:51:34 |
Paddy Landau |
description |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
Using LUKS and LVM, it is already possible...
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer. |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
On top of this, the previous method of encrypting data (ecryptfs) is now considered buggy, and full-disk encryption is recommended as an alternative. Unfortunately, the current implementation of full-disk encryption wipes any existing OS such as Windows, making the implementation unusable for most users.
Now, using LUKS and LVM, it is already possible to have full-disk encryption (strictly, full-partition encryption because it leaves any existing OS alone), while encrypting /boot. Reference:
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer. |
|
| 2018-07-31 19:08:26 |
schamane |
bug |
|
|
added subscriber schamane |
| 2018-08-03 19:16:10 |
Milan Niznansky |
bug |
|
|
added subscriber Milan Niznansky |
| 2018-08-03 19:32:53 |
Milan Niznansky |
bug task added |
|
grub (Ubuntu) |
|
| 2018-08-03 21:14:26 |
Launchpad Janitor |
grub2 (Ubuntu): status |
New |
Confirmed |
|
| 2018-08-03 21:14:26 |
Steve Langasek |
affects |
grub (Ubuntu) |
grub2 (Ubuntu) |
|
| 2018-08-06 00:54:56 |
Launchpad Janitor |
grub2 (Ubuntu): status |
New |
Confirmed |
|
| 2018-08-06 00:55:02 |
Sami Ben Hatit |
bug |
|
|
added subscriber Sami Ben Hatit |
| 2018-08-07 08:28:17 |
Paddy Landau |
description |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
On top of this, the previous method of encrypting data (ecryptfs) is now considered buggy, and full-disk encryption is recommended as an alternative. Unfortunately, the current implementation of full-disk encryption wipes any existing OS such as Windows, making the implementation unusable for most users.
Now, using LUKS and LVM, it is already possible to have full-disk encryption (strictly, full-partition encryption because it leaves any existing OS alone), while encrypting /boot. Reference:
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer. |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
On top of this, the previous method of encrypting data (ecryptfs) is now considered buggy, and full-disk encryption is recommended as an alternative. Unfortunately, the current implementation of full-disk encryption wipes any existing OS such as Windows, making the implementation unusable for most users.
Now, using LUKS and LVM, it is already possible to have full-disk encryption (strictly, full-partition encryption because it leaves any existing OS alone), while encrypting /boot. Reference:
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer.
Further information (2018-08-17):
The NCSC recommends, "Use LUKS/dm-crypt to provide full volume encryption."
References:
• https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide
• https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts |
|
| 2018-08-11 21:06:47 |
Iason Manolas |
bug |
|
|
added subscriber Iason Manolas |
| 2018-08-15 15:22:23 |
Simon May |
bug |
|
|
added subscriber Simon May |
| 2018-08-16 11:42:41 |
morgents |
bug |
|
|
added subscriber morgents |
| 2018-09-06 06:28:55 |
Mario Vukelic |
bug |
|
|
added subscriber Mario Vukelic |
| 2018-09-10 12:54:29 |
Viktoria Nemkin |
bug |
|
|
added subscriber Viktoria Nemkin |
| 2018-09-11 18:24:43 |
Wes |
tags |
encryption installer luks |
bionic cosmic encryption installer luks |
|
| 2018-09-11 18:25:23 |
Wes |
marked as duplicate |
|
1514120 |
|
| 2018-11-13 07:51:59 |
Jarno Suni |
bug |
|
|
added subscriber Jarno Suni |
| 2018-12-10 21:48:23 |
Paulo |
bug |
|
|
added subscriber Paulo |
| 2019-03-15 10:00:05 |
semreh |
bug |
|
|
added subscriber semreh |
| 2019-04-24 10:20:07 |
Dan Streetman |
removed subscriber Dan Streetman |
|
|
|
| 2019-04-24 14:00:40 |
DJ |
removed duplicate marker |
1514120 |
|
|
| 2019-07-23 14:56:14 |
Tom Reynolds |
bug |
|
|
added subscriber Tom Reynolds |
| 2019-10-11 16:39:23 |
Xavier Gnata |
ubiquity (Ubuntu): status |
Incomplete |
Confirmed |
|
| 2019-10-11 16:40:16 |
Xavier Gnata |
bug |
|
|
added subscriber Xavier Gnata |
| 2020-02-19 19:48:29 |
Miguel |
bug |
|
|
added subscriber Miguel |
| 2020-04-04 10:12:30 |
Valentyn Kovalenko |
bug |
|
|
added subscriber Valentyn Kovalenko |
| 2020-04-06 09:55:04 |
Iason Manolas |
removed subscriber Iason Manolas |
|
|
|
| 2020-04-19 18:05:58 |
Paddy Landau |
description |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
On top of this, the previous method of encrypting data (ecryptfs) is now considered buggy, and full-disk encryption is recommended as an alternative. Unfortunately, the current implementation of full-disk encryption wipes any existing OS such as Windows, making the implementation unusable for most users.
Now, using LUKS and LVM, it is already possible to have full-disk encryption (strictly, full-partition encryption because it leaves any existing OS alone), while encrypting /boot. Reference:
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer.
Further information (2018-08-17):
The NCSC recommends, "Use LUKS/dm-crypt to provide full volume encryption."
References:
• https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide
• https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts |
In today's world, especially with the likes of the EU's GDPR and the many security fails, Ubuntu installer needs to support full-system encryption out of the box.
This means encrypting not only /home but also both root and /boot. The only parts of the system that wouldn't be encrypted are the EFI partition and the initial Grub bootloader, for obvious reasons.
It should also not delete other installed systems unless explicitly requested.
On top of this, the previous method of encrypting data (ecryptfs) is now considered buggy, and full-disk encryption is recommended as an alternative. Unfortunately, the current implementation of full-disk encryption wipes any existing OS such as Windows, making the implementation unusable for most users.
Now, using LUKS and LVM, it is already possible to have full-disk encryption (strictly, full-partition encryption because it leaves any existing OS alone), while encrypting /boot. Reference:
https://help.ubuntu.com/community/ManualFullSystemEncryption
... but with one major limitation: Grub is incorrectly changed after an update affecting the kernel or Grub, so that a manual Grub update is required each time this happens (this is fully covered in the linked instructions).
If the incorrect Grub change is fixed, it should be (relatively) simple to support full-system encryption in the installer.
Further information (2018-08-17):
The NCSC recommends, "Use LUKS/dm-crypt to provide full volume encryption."
References:
• https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide
• https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts
**EDIT**
Refer to comment #47 for an alternative version. |
|
| 2020-10-17 00:15:10 |
Akihiro HARAI |
bug |
|
|
added subscriber Akihiro HARAI |
| 2020-11-17 16:52:37 |
Martin Bruzina |
bug |
|
|
added subscriber Martin Bruzina |
| 2020-12-22 18:28:58 |
Julian Andres Klode |
grub2 (Ubuntu): importance |
Undecided |
Wishlist |
|
| 2020-12-26 12:44:28 |
Adam Romanek |
bug |
|
|
added subscriber Adam Romanek |
| 2021-02-23 11:15:02 |
Michel-Ekimia |
bug |
|
|
added subscriber Michel-Ekimia |
