[Bug 1773457] Re: Full-system encryption needs to be supported out-of-the-box including /boot and should not delete other installed systems

Milan Niznansky 1773457 at bugs.launchpad.net
Fri Aug 3 19:31:06 UTC 2018 

@Phillip

I believe that in the heat of the argument the key point was lost.

In the enterprise world, the "desktop" method of "lets assume we can
wipe all user data" and "lets assume this is a single-disk use case"
simply do not add up.

For me, the current model is simply unusable for 2 fundamental reasons:
A) As a corporate policy /precedes GDPR, but I presume it is not unique/ the only partition except from mandatory encryption is the EFI partition. This is not up for discussion. There is NO WAY you will even be able to win this argument with the InfoSec Crowd. Because they are right. You need to assume *not only* scenarios of external attacker but also the user himself mis-using the /boot partition to exchange confidential data. And please do not go with the "then you are already compromised so you lost anyway" argument. The point is is defense-in-depth. With trusted boot you can actually ignore the EFI-the system will refuse to boot if the EFI is messed with. Etc.

B) And this is even more critical, I have a powerfull workstation with
several SSDs used as Virtualization host for a bunch of VMs under VMware
workstation. I NEED to use custom partitioning to be able to create a
custom LUKS volume and pass that volume directly to VMs to do their
stuff - while staying fully encrypted on the HW level.

In summary, for "Kid's computer", the current approach is fine. No
question there. Bu then, for a Kid's computer, Win10 is fine too so is a
Mac ...

What this bug report is about is how to address PROFESSIONAL / ADVANCED use cases seemlessly.
Right now, the solution prepared by Paddy is absolutely fine - and it is even fine if it is NOT included in Uniquity.
But we should get the Grub bug fixed - bar the need for the "RefreshGrub" script, I found Paddy's solution infitintely more practical than being forced to use Red Hat (which supports a custom configuration just fine) or a Mac for that matter.


I am marking this against Grub too - as maybe first step is to fix the Grub bug and once that is done, consider extenting this to Ubiquity for the next LTS cycle.

** Also affects: grub (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub in Ubuntu.
https://bugs.launchpad.net/bugs/1773457

Title:
  Full-system encryption needs to be supported out-of-the-box including
  /boot and should not delete other installed systems

Status in grub package in Ubuntu:
  New
Status in ubiquity package in Ubuntu:
  Incomplete

Bug description:
  In today's world, especially with the likes of the EU's GDPR and the
  many security fails, Ubuntu installer needs to support full-system
  encryption out of the box.

  This means encrypting not only /home but also both root and /boot. The
  only parts of the system that wouldn't be encrypted are the EFI
  partition and the initial Grub bootloader, for obvious reasons.

  It should also not delete other installed systems unless explicitly
  requested.

  On top of this, the previous method of encrypting data (ecryptfs) is
  now considered buggy, and full-disk encryption is recommended as an
  alternative. Unfortunately, the current implementation of full-disk
  encryption wipes any existing OS such as Windows, making the
  implementation unusable for most users.

  Now, using LUKS and LVM, it is already possible to have full-disk
  encryption (strictly, full-partition encryption because it leaves any
  existing OS alone), while encrypting /boot. Reference:

  https://help.ubuntu.com/community/ManualFullSystemEncryption

  ... but with one major limitation: Grub is incorrectly changed after
  an update affecting the kernel or Grub, so that a manual Grub update
  is required each time this happens (this is fully covered in the
  linked instructions).

  If the incorrect Grub change is fixed, it should be (relatively)
  simple to support full-system encryption in the installer.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub/+bug/1773457/+subscriptions

More information about the foundations-bugs mailing list