Ubiquity needs support for fscrypt
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubiquity (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
Home encryption using ecryptfs was removed in Ubuntu 18.04 for reasons. Full disk encryption was recommended as an alternative, and set as the one-size-fits-all solution in ubiquity.
Not everyone agrees that encrypting the entire disk is the best alternative. Some prefer a more lightweight solution. Others have families and like to share a laptop, perhaps even with an unprivileged password-less guest account, and family members want to encrypt their home with a personal password.
Can we re-introduce (an option to choose) home encryption using fscrypt? Not only was this suggested (prematurely) by the Ubuntu 18.04 release notes, it's also feature-complete now with v2 kernel encryption policy patches merged in kernel 5.4, which is the default kernel on Ubuntu 20.04 LTS.
Setup
-----
Steps that would need to be scripted in ubiquity are as simple as:
```
apt install fscrypt libpam-fscrypt
fscrypt setup
fscrypt setup /
fscrypt setup /home ## only if home is on a separate partition
fscrypt encrypt /home/$USERNAME
```
For the rest you can probably re-use the ubiquity widgets and detection code from the ecryptfs days.
Keep in mind that the fscrypt packages on the Ubuntu repositories are outdated. See: https:/
Resources
---------
Fscrypt ext4 native encryption documented on Kernel.org
https:/
Build instructions
https:/
Fscrypt on Arch Linux
https:/
Changed in ubiquity (Ubuntu): | |
importance: | Undecided → Wishlist |
Status changed to 'Confirmed' because the bug affects multiple users.