[Request for input] Encrypt all the things
-
I want to start a discussion about encrypting more data stored in the /userdata partition, for extra security/paranoia. Right now we have /home/phablet encrypted when done so via system-settings, but there's room for improvement. I would like to also encrypt:
- Wifi settings
- Apps
- Potentially more which I don't see yet
For apps I have created a script which does the encryption in an easy-to-follow manner. This will require a device with policy version 2 support. It's available here: https://gist.github.com/fredldotme/696ab1e22bec4ed296caee471aa89a87
ATTENTION: Don't try to force the script to run on a system which only supports v1 policies, this will break app installation and uninstallation.
The script keeps the unencrypted original in /userdata/system-data/opt/click.ubuntu.com-bak which you will have to remove manually after rebooting.
Encrypting data which is usually accessed by non-phablet users will require v2 policy support, so keep that in mind when coming up with ideas.
Any input?
-
@fredldotme Encrypting WiFi settings (/etc/NetworkManager/system-connections) is a must-have, as they contain passwords. But what is the reason to encrypt apps' installation? The executables and assets are public anyway, I don't know any app that stores sensitive data in /opt.
-
@ikoz Encrypting apps would prevent tampering with executables and replacing them with malicious ones by evil actors.
-
@fredldotme
what about bluez data and system logs?
/etc/shadow so an attacker can't substitute their password?
-
Encrypting logs would mean that no software could run before having entered a decryption key.
Using a phone to call for help would be impossible for a person not having the code. Could be awkward at times. Or even legally dubious.
-
@uxes IIRC with fscrypt in place, just replacing shadow breaks the protectors of fscrypt, leaving the system with a broken state. Also that's the dog biting its tail: decrypting based on the password while the file containing the password is locked, that doesn't work.
Regarding bluez data: that would break bluetooth at the greeter, which might be required for some use cases.