Well it's an issue indeed but the fact that no encryption is possible without having to deal with the command line is much worst.
Le lun. 21 déc. 2020 à 22:15, Nodøn <1773...@bugs.launchpad.net> a écrit : > Encryption should also be possible without LVM. LVM is very good, but if > you are using for example BTRFS, you may don't want to use both at the > same time. Should just be an option. > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1773457 > > Title: > Full-system encryption needs to be supported out-of-the-box including > /boot and should not delete other installed systems > > Status in grub2 package in Ubuntu: > Confirmed > Status in ubiquity package in Ubuntu: > Confirmed > > Bug description: > In today's world, especially with the likes of the EU's GDPR and the > many security fails, Ubuntu installer needs to support full-system > encryption out of the box. > > This means encrypting not only /home but also both root and /boot. The > only parts of the system that wouldn't be encrypted are the EFI > partition and the initial Grub bootloader, for obvious reasons. > > It should also not delete other installed systems unless explicitly > requested. > > On top of this, the previous method of encrypting data (ecryptfs) is > now considered buggy, and full-disk encryption is recommended as an > alternative. Unfortunately, the current implementation of full-disk > encryption wipes any existing OS such as Windows, making the > implementation unusable for most users. > > Now, using LUKS and LVM, it is already possible to have full-disk > encryption (strictly, full-partition encryption because it leaves any > existing OS alone), while encrypting /boot. Reference: > > https://help.ubuntu.com/community/ManualFullSystemEncryption > > ... but with one major limitation: Grub is incorrectly changed after > an update affecting the kernel or Grub, so that a manual Grub update > is required each time this happens (this is fully covered in the > linked instructions). > > If the incorrect Grub change is fixed, it should be (relatively) > simple to support full-system encryption in the installer. > > Further information (2018-08-17): > > The NCSC recommends, "Use LUKS/dm-crypt to provide full volume > encryption." > References: > • > https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide > • https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts > > **EDIT** > Refer to comment #47 for an alternative version. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1773457 Title: Full-system encryption needs to be supported out-of-the-box including /boot and should not delete other installed systems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
