Ubuntu
ubiquity package

Insufficient options for encryption

Bug #1780971 reported by Lantizia
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)
New
Undecided
Unassigned

Bug Description

So someone felt they should edit my bug report description (despite it remaining in my name) to simply this...

---
When installing side by side with Windows, the option to use encryption is not provided.
---

Which is only one way of looking at the bug. I am really not happy that this has been edited as it is putting words in my mouth, so again here is the original description. If you are unhappy with my bug report, I would rather you mark it as invalid or delete it rather than start rephrasing what I have said into something I was not trying to say.

---
My workplace gave me a new Dell laptop and (although I don't use Windows, unlike my colleagues) I have been told to keep the Windows partitions intact (e.g. the Dell/Windows recovery, EFI and main Windows partitions) probably so that if the laptop needs re-purposing later they can as Windows 10 doesn't seem to use a serial/recovery media any more.

I was happy to oblige with this request and on first ever laptop power on got it booting the Ubuntu MATE 18.04 installer from USB pen. I'd have loved to have just picked the encryption option presented (which also makes LVM mandatory) but this would erase Windows off too... so I had to use the advanced partitioning screen... where I shrank the main Windows partition and made myself a little ext4 /boot partition and an encrypted ext4 root partition.

This was fine until I realised that hibernation doesn't work with swap files (read other reports online about this) and needs a swap partition (something I am pleased to say has now become the default as I hate swap partitions - that is... until now, when I need one).

Making another partition for encrypted swap would have worked but would surely have resulted in two password prompts on boot and a lot of re-configuring. Which got me thinking that what was really needed in this use case... is a way of using the normal encryption option in the installer (not using the advanced partition screen) which uses LVM also (so both swap and root partitions are covered by the same encryption)... BUT in a way that it just uses whatever free space is available... rather than wiping the whole disk.

In the end I had to manually create the ext4 /boot, the crypt partition, LVM pv on top of that, the LVM vg, two LVM lv's and format them... then open up the installer for the advanced partitioning screen to see the pre-existing /dev/mapper/ entries for it to install to. But because the installer doesn't know it is installing to an encrypted area I still had to (afterwards) teach it about these by making a /etc/crypttab and reinstalling grub.

So I do *at last* have a hibernating, dual booting and encrypted laptop.

But it shouldn't be this difficult to get that surely?

I'd equally welcome a way of installing with encryption (again to free space, not wipe whole disk) without LVM... but if this is with a swap partition then the user should only be prompted for a password once on boot (for both encrypted root and encrypted swap)... or if this is using a swap file inside the encrypted root partition then the hibernation/resume to/from swap file needs fixing.

Sorry for the long report :)
---

See original description
Lantizia (lantizia)
description: updated
Lantizia (lantizia)
description: updated
summary: - Insufficient simple partitioning options
+ Insufficient options for encryption
Phillip Susi (psusi)
summary: - Insufficient options for encryption
+ Side by side install with Windows does not also provide encryption
+ option
description: updated
Revision history for this message
Lantizia (lantizia) wrote : Re: Side by side install with Windows does not also provide encryption option

psusi: You've kind of cherry picked one possible way of looking at this problem out of many different ways of solving it.

You've also completely deleted my bug description and rephrased it down to a single sentance - yet it still has my name on it.

I can't say I'm very happy about it. I'd rather you start your own bug in YOUR name... then close mine and say it is a duplicate of that.

Some other ways of looking at this problem are...
- Get 'Something else' to be able to make/modify LVM entities
- Get the automatic encryption option to have a 'install to free space' mode... as it might not be Windows that you're installing alongside (so you might need to resize that other OS first)
- Get the installer offering an encrypted swap partition and ensure when it sets up the prompt for booting up the system - that is asks for one password that works for both root and swap.
- And probably lots of other possible ways of looking at this...

Lantizia (lantizia)
description: updated
summary: - Side by side install with Windows does not also provide encryption
- option
+ Insufficient options for encryption
Revision history for this message
Phillip Susi (psusi) wrote : Re: [Bug 1780971] Re: Side by side install with Windows does not also provide encryption option

On 7/18/2018 2:25 AM, Steven Maddox wrote:
> psusi: You've kind of cherry picked one possible way of looking at this
> problem out of many different ways of solving it.
>
> You've also completely deleted my bug description and rephrased it down
> to a single sentance - yet it still has my name on it.
>
> I can't say I'm very happy about it. I'd rather you start your own bug
> in YOUR name... then close mine and say it is a duplicate of that.

I'm a bug triager; that's my job. You posted a novel, which is not a
valid bug report that a developer can work on. I worked hard to get
through reading it without my eyes glazing over and to pick out
something that sounded like an actual bug.

> Some other ways of looking at this problem are...
> - Get 'Something else' to be able to make/modify LVM entities
> - Get the automatic encryption option to have a 'install to free space' mode... as it might not be Windows that you're installing alongside (so you might need to resize that other OS first)
> - Get the installer offering an encrypted swap partition and ensure when it sets up the prompt for booting up the system - that is asks for one password that works for both root and swap.
> - And probably lots of other possible ways of looking at this...

Which would you prefer instead of the one I picked? I can tell you that
it is known and noted in other bug reports that Ubiquity does not have
support for raid and the LVM support is very limited.

Revision history for this message
Lantizia (lantizia) wrote :

It is a novel you are right.

I hesitated at great length before submitting it and tried my best to cut out as much as possible that didn't take away from the original scenario.

I have *never* logged a bug of this length *ever* before, it is hopefully my last of this length.

But after talking this over with some people in #ubuntu-dev on freenode the other week (and some people pointing out that you mean well, but often *over* triage bug reports)...

I'm still left with the opinion that a bug report shouldn't need to propose a solution (although often it helps if the poster has one... and I posed a few). It should try to accurately paint a picture of how the problem arose so others realise how unique it is (vs. other reports) or how other users might use the software they hadn't considered.

In this case I couldn't find a way to do it shorter. But it doesn't mean having a bug with my name on being cut down to something I didn't mean to raise or completely missing original point.

Additionally... a "bad experience" is as much a bug as anything else, obviously it's not a very technical bug and very difficult to de-duplicate from one persons coloured experience to the next. But it is still just as valid as if we don't collect that kind of feedback, you'll have people being silently frustrated.

If you still feel as you have already expressed, I'd rather you flag this bug as invalid and close it. Or better yet... if possible, delete it and forget I ever bothered.

Steven

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.