No it is not a grub issue. It's an issue with the installer which does not provide this option anymore. Wishlist..kind of but I think it is much closer to a big security issue than to a wishlist. The net result is that people do install kubuntu without any encryption.
Le mar. 22 déc. 2020 à 19:40, Julian Andres Klode < 1773...@bugs.launchpad.net> a écrit : > ** Changed in: grub2 (Ubuntu) > Importance: Undecided => Wishlist > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1773457 > > Title: > Full-system encryption needs to be supported out-of-the-box including > /boot and should not delete other installed systems > > Status in grub2 package in Ubuntu: > Confirmed > Status in ubiquity package in Ubuntu: > Confirmed > > Bug description: > In today's world, especially with the likes of the EU's GDPR and the > many security fails, Ubuntu installer needs to support full-system > encryption out of the box. > > This means encrypting not only /home but also both root and /boot. The > only parts of the system that wouldn't be encrypted are the EFI > partition and the initial Grub bootloader, for obvious reasons. > > It should also not delete other installed systems unless explicitly > requested. > > On top of this, the previous method of encrypting data (ecryptfs) is > now considered buggy, and full-disk encryption is recommended as an > alternative. Unfortunately, the current implementation of full-disk > encryption wipes any existing OS such as Windows, making the > implementation unusable for most users. > > Now, using LUKS and LVM, it is already possible to have full-disk > encryption (strictly, full-partition encryption because it leaves any > existing OS alone), while encrypting /boot. Reference: > > https://help.ubuntu.com/community/ManualFullSystemEncryption > > ... but with one major limitation: Grub is incorrectly changed after > an update affecting the kernel or Grub, so that a manual Grub update > is required each time this happens (this is fully covered in the > linked instructions). > > If the incorrect Grub change is fixed, it should be (relatively) > simple to support full-system encryption in the installer. > > Further information (2018-08-17): > > The NCSC recommends, "Use LUKS/dm-crypt to provide full volume > encryption." > References: > • > https://blog.ubuntu.com/2018/07/30/national-cyber-security-centre-publish-ubuntu-18-04-lts-security-guide > • https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts > > **EDIT** > Refer to comment #47 for an alternative version. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1773457 Title: Full-system encryption needs to be supported out-of-the-box including /boot and should not delete other installed systems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
