Any plans to have encryption as an option in future Ubuntu Touch installers? [Solved]
-
Hi.
Is there any plan in the works? Kind of like LUKS on other distros?
Thanks.
-
@Opolork afaik, plans... sure. Any work in progress? Nope
-
@advocatux said in Any plans to have encryption as an option in future Ubuntu Touch installers?:
@Opolork afaik, plans... sure. Any work in progress? Nope
Ok, thanks advocatux. I'd love to see a simple encryption checkbox in the UBports installer.
-
From 2016: Ubuntu Touch to Support Encryption of User Data: https://news.softpedia.com/news/ubuntu-touch-to-support-encryption-of-user-data-498694.shtml
-
@Opolork probably that'll be easier on non Android devices than the Android ones.
Android devices impose many limitation on us, like for example, we can't re-lock the bootloader currently and things like that.
On the other hand, and at your own risk, you can experiment with some approach like this https://forums.ubports.com/topic/1012/one-method-to-encrypt-home-phablet
-
@Opolork yeah, Canonical had a lot of plans back then
-
@advocatux said in Any plans to have encryption as an option in future Ubuntu Touch installers?:
@Opolork yeah, Canonical had a lot of plans back then
Alas, Canonical have started and canceled a fair few things now.
-
@advocatux said in Any plans to have encryption as an option in future Ubuntu Touch installers?:
@Opolork probably that'll be easier on non Android devices than the Android ones.
Android devices impose many limitation on us, like for example, we can't re-lock the bootloader currently and things like that.
On the other hand, and at your own risk, you can experiment with some approach like this https://forums.ubports.com/topic/1012/one-method-to-encrypt-home-phablet
I think I'll give that a miss.
-
This post is deleted! -
@ell1e This thread is nearly a year old and restarting them is very hit and miss so you are probably better starting a new thread and referring back to this one. Another option might be to ask a question in this weeks Q&A about any plans to add this to the installer or such.
https://forums.ubports.com/topic/4295/ubuntu-touch-q-a-76-saturday-23rd-of-may-at-19-00-utc/9 -
one work around could be an NFC key, which provides the encryption key, without having to get into the hardware security tech of different phones
-
This post is deleted! -
@ell1e said in Any plans to have encryption as an option in future Ubuntu Touch installers?:
@pixelated my point was to exactly not do what you suggested, by just providing plain old LUKS with a password and not go into other gadgets like NFC key or whatever for a base implementation. (Of course these additions are always nice later, but my point was talking about those now is putting the cart before the horse.)
It has been mentioned in previous Q&As (when I asked ) that encryption is in the long-term plans, but it is not a high priority when compared to the many immediate currency issues (unity8/lorimi, getting to Xenial, now the need to get to 20.04 and maybe even a new version of QT, etc.) as well as stability, new features, more devices, etc.
In the long run, perhaps it would be possible to bundle a software keyboard like Postmarket's OSK-SDL into the initrd, and provide an initial LUKS encryption option through the installer, but from what I understand, the way OTAs are deployed would then need to change radically, and I wouldn't expect a change of that scope to happen anytime soon.
In the meantime, some of us remount a LUKS-encrypted file onto /home/phablet: One method to encrypt /home/phablet (As mentioned upthread)
Obviously that is a dirty hack (and risks system breakage during updates) and far from a complete solution, but it does provide some bare minimum security against theft by a lazy thief. If a professional attacker (corporate, governmental, advanced criminal, etc.) gets hold of your phone, this is likely insufficient.
-
This post is deleted! -
@ell1e home/phablet is where all your stuff is anyways, you'd have a hard time putting anything personal anywhere else, unless you actively put effort into doing that.
However that doesn't dismiss how hacky this is, and so I do hope that some of this can be used to make it easier to encrypt your home directory.
It'd be great to have it in system settings, as a tap if you want to enable it, and add a decryption password.I think encryption is important, and encrypting the home drive is greatly desired, but we've also got to be realistic with how it'll work, once you've decrypted it once, I don't think your data is encrypted (on any mobile system) until you turn off your phone again.
-
@ell1e
yes that is a solution, but any password long enough to make brute force a waste of time, is going to be very difficult to remember or enter regularly (unless combined with a hardware key on the device security chip)
for most people that probablyisnt an issue, but fkr anyone who genuinely needa the encryption, it probably would be
(edit : he typos above are good example of why a password is not ideal for phone encryptionlol ..unfortunatly i find UTs keyboard v buggy, random spaces, deleting spaces, changing capitalisation randomly, duplicated letters,etc, at the moment)
-
This post is deleted! -
@ell1e said in Any plans to have encryption as an option in future Ubuntu Touch installers?:
All I'm hearing is excuses, to be honest. "It's not perfect, so that makes it fair to not provide it." No, I don't think it does.
Sounds like you might want to get some hearing aids then
Home folder encryption would already help a lot as you say, but is that in the installer? It should be then
You're more than welcome to work on it
-
This post is deleted!