Ubuntu
ubiquity package

Bug #1799550
Comment #13

Comment 13 for bug 1799550

Revision history for this message

Xavier Gnata (xavier-gnata-gmail) wrote on 2020-12-23: Re: [Bug 1799550] Re: No way to encrypt at partition level (dual boot)

#13

Thank you so much for the feedback!

Le mer. 23 déc. 2020 à 00:20, Julian Andres Klode <
<email address hidden>> a écrit :

> I think the answer there is fscrypt - native encryption at the
> filesystem level supported by ext4 and some other day - but I'm not sure
> what the plans are. Partitioning is hard and the requirement to setup a
> separate /boot and crypt device are not always possible, though it is
> less of an issue these days with GPT devices.
>
> As I pointed out on another bug report, the goal to dual boot with
> encryption is not helped much by new devices being sold with BitLocker
> enabled for the drive, forcing you to disable it in order to install
> Ubuntu in the first place (one reason I imagine being that the
> encryption key is sealed to the Windows boot process in the TPM, so
> there's not a way to decrypt it from another OS, or even Windows booted
> from a different disk).
>
> That the installer is unable to unlock luks partitions is a bit
> unfortunate as it forces users to do more steps manually, and makes
> reinstalling Ubuntu harder on systems where you want to keep /home but
> replace /; or running multiple distributions in parallel - I've been hit
> by that as well.
>
> In any case, I understand and share the concerns raised here and will
> try to raise that internally, as this might also simply have went out of
> our radar.
>
> ** Tags added: rls-hh-incoming
>
> ** Changed in: ubiquity (Ubuntu)
> Status: Confirmed => Triaged
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1799550
>
> Title:
> No way to encrypt at partition level (dual boot)
>
> Status in ubiquity package in Ubuntu:
> Triaged
>
> Bug description:
> I'm using kubuntu alongside with windows in a dual boot, therefore I
> cannot use the full disk partition option. There is no option in the
> installer to get an encrypted kubuntu with windows (or any other OS)
> already installed on the same disk. There used to be an option to encrypt
> /home (up to 16.10 IIRC) but it does not exist anymore.
> I had to follow and adapt this tutorial
> http://blog.botux.fr/en/2015/09/ubuntu-installation-manual-full-disk-encryption-lvm-on-luks/
> to get my encrypted kubuntu.
> Is it a bug in the installer or a missing (important, as security
> related) feature?
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1799550/+subscriptions
>

Thank you so much for the feedback!

Le mer. 23 déc. 2020 à 00:20, Julian Andres Klode <
1799550@bugs.launchpad.net> a écrit :

> I think the answer there is fscrypt - native encryption at the
> filesystem level supported by ext4 and some other day - but I'm not sure
> what the plans are. Partitioning is hard and the requirement to setup a
> separate /boot and crypt device are not always possible, though it is
> less of an issue these days with GPT devices.
>
> As I pointed out on another bug report, the goal to dual boot with
> encryption is not helped much by new devices being sold with BitLocker
> enabled for the drive, forcing you to disable it in order to install
> Ubuntu in the first place (one reason I imagine being that the
> encryption key is sealed to the Windows boot process in the TPM, so
> there's not a way to decrypt it from another OS, or even Windows booted
> from a different disk).
>
> That the installer is unable to unlock luks partitions is a bit
> unfortunate as it forces users to do more steps manually, and makes
> reinstalling Ubuntu harder on systems where you want to keep /home but
> replace /; or running multiple distributions in parallel - I've been hit
> by that as well.
>
> In any case, I understand and share the concerns raised here and will
> try to raise that internally, as this might also simply have went out of
> our radar.
>
> ** Tags added: rls-hh-incoming
>
> ** Changed in: ubiquity (Ubuntu)
>        Status: Confirmed => Triaged
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1799550
>
> Title:
>   No way to encrypt at partition level (dual boot)
>
> Status in ubiquity package in Ubuntu:
>   Triaged
>
> Bug description:
>   I'm using kubuntu alongside with windows in a dual boot, therefore I
> cannot use the full disk partition option. There is no option in the
> installer to get an encrypted kubuntu with windows (or any other OS)
> already installed on the same disk. There used to be an option to encrypt
> /home (up to 16.10 IIRC) but it does not exist anymore.
>   I had to follow and adapt this tutorial
> http://blog.botux.fr/en/2015/09/ubuntu-installation-manual-full-disk-encryption-lvm-on-luks/
> to get my encrypted kubuntu.
>   Is it a bug in the installer or a missing (important, as security
> related) feature?
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1799550/+subscriptions
>

Ubuntuubiquity package

Comment 13 for bug 1799550

Ubuntu
ubiquity package