Ubiquity encrypted home doesn't setup encrypted swap
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubiquity (Ubuntu) |
Invalid
|
High
|
Evan | ||
Karmic |
Invalid
|
Undecided
|
Unassigned | ||
Lucid |
Invalid
|
Undecided
|
Unassigned | ||
Maverick |
Invalid
|
Undecided
|
Unassigned | ||
Natty |
Invalid
|
High
|
Evan | ||
user-setup (Ubuntu) |
Fix Released
|
Critical
|
Evan | ||
Karmic |
Won't Fix
|
Undecided
|
Unassigned | ||
Lucid |
Won't Fix
|
Undecided
|
Unassigned | ||
Maverick |
Won't Fix
|
Undecided
|
Unassigned | ||
Natty |
Fix Released
|
Critical
|
Evan |
Bug Description
Binary package hint: ubiquity
When encrypted home functionality was introduced in Ubiquity in the jaunty cycle, it was decided to wait until encrypted swap was also available before enabling it as encrypted home without encrypting the swap space is not secure. From the 1.11.10 changelog:
* Disable the encrypted home option. This cannot be considered secure
without encrypted swap. The option can still be enabled by preseeding
it.
During the karmic cycle, encrypted swap was added to the installer, and was enabled in the beta builds. Web pages were created that explained the lack of hibernation support when encrypted swap was used:
http://
https:/
Somewhere before Karmic was released, Ubiquity stopped setting up encrypted swap. As a result, Karmic, Lucid and Maverick have all shipped with the encrypted home option enabled, but with clear text swap space.
This needs to be addressed as encrypted home alone isn't considered safe.
visibility: | private → public |
Changed in ubiquity (Ubuntu): | |
importance: | Undecided → High |
Changed in ubiquity (Ubuntu Natty): | |
milestone: | none → natty-alpha-2 |
status: | New → Confirmed |
Changed in ubiquity (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in ubiquity (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in ubiquity (Ubuntu Karmic): | |
status: | New → Confirmed |
Changed in ubiquity (Ubuntu Natty): | |
assignee: | nobody → Canonical Foundations Team (canonical-foundations) |
Changed in ubiquity (Ubuntu Natty): | |
assignee: | Canonical Foundations Team (canonical-foundations) → Evan Dandrea (ev) |
Changed in user-setup (Ubuntu Natty): | |
assignee: | nobody → Evan Dandrea (ev) |
importance: | Undecided → Critical |
status: | New → In Progress |
tags: | added: patch |
Changed in user-setup (Ubuntu Karmic): | |
status: | New → Confirmed |
Changed in user-setup (Ubuntu Lucid): | |
status: | New → Confirmed |
Changed in user-setup (Ubuntu Maverick): | |
status: | New → Confirmed |
Changed in ubiquity (Ubuntu Natty): | |
milestone: | natty-alpha-2 → none |
Changed in ubiquity (Ubuntu Karmic): | |
status: | Confirmed → Won't Fix |
status: | Won't Fix → Invalid |
Changed in ubiquity (Ubuntu Lucid): | |
status: | Confirmed → Invalid |
Changed in ubiquity (Ubuntu Maverick): | |
status: | Confirmed → Invalid |
Changed in ubiquity (Ubuntu Natty): | |
status: | Confirmed → Invalid |
Changed in user-setup (Ubuntu Karmic): | |
status: | Confirmed → Won't Fix |
Changed in user-setup (Ubuntu Maverick): | |
status: | Confirmed → Won't Fix |
So it looks like blkid is saying the swap partition is not when ecryptfs-setup-swap calls it. I'm going to investigate further.