One method to encrypt /home/phablet
chrisc last edited by
Hi, I'm posting this here in case anyone else wants to encrypt their
/home/phabletdirectory, I'd strongly suggest that only people who know their way around Linux via the command line do this…
This is easier to do if you have
sshaccess to the phone, to enable that:
android-gadget-service enable ssh cd mkdir .ssh chmod 700 .ssh cd .ssh wget https://github.com/$GITHUBUSERNAME.keys -O authorized_keys chmod 600 authorized_keys
You can then
sshto the phone as the
cryptsetup, by remounting root read write and updating the
mount -o rw,remount / vi /etc/apt/sources.list :1,$s;ports.ubuntu.com/ubuntu-ports;old-releases.ubuntu.com/ubuntu; apt-get update apt-get install cryptsetup mount -o ro,remount /
Create a 2G disk, encrypt it, format it, mount it, rsync data to it, unmount and remount it and restart the display manager:
sudo -i cd /home fallocate -l 2G phablet.img cryptsetup luksFormat phablet.img cryptsetup luksOpen phablet.img phablet mkfs.ext4 /dev/mapper/phablet mkdir /media/phablet mount /dev/mapper/phablet /media/phablet rsync -av /home/phablet/ /media/phablet/ umount /media/phablet/ mount /dev/mapper/phablet /home/phablet /etc/init.d/lightdm restart
If everything is OK you might then want to delete the extra copy of the data at
/home/phablet, or if you have done this on an initial install install of the phone you might want to leave that where it is since the phone will then appear to have no data on it when booted and your data will only appear after you have decrypted and mounted the disk:
sudo -i cryptsetup luksOpen phablet.img phablet mount /dev/mapper/phablet /home/phablet /etc/init.d/lightdm restart
trainailleur last edited by trainailleur
@chrisc Thanks. I had been tinkering with this on one of my test devices, based on your old instructions ( https://ubuntu.webarch.uk/wiki/Encrypted_Home ). The restart of lightdm was the piece I was missing, so this post here is extremely helpful. I'll try this out when I get back home to my main test phone next week.
Edit to add: I realize from looking at my earlier posts that I never thanked you for pointing me to your earlier instructions in a reply you wrote me about encryption here last autumn. My deepest apologies. I'd certainly not intended to be so rude, so all I can think is it slipped my mind. In any case, I was very grateful for that post, as I am for this post.
Osndok last edited by
I've got several questions!
Firstly, have you noticed much performance penalty for enabling encryption?
And second... supposing that I did this, and later perform an OTA that wipes out the cryptsetup (and its dependencies)... is that going to make the phone unusable? if so, how could I fix it with a "real" computer, or safely test this situation?
chrisc last edited by
@trainailleur no worries, glad to have helped :-)
@Osndok I haven't used Ubuntu Touch without an encrypted partition so I don't have anything to compare with, sometime I do get rapid battery drain, the phone will go flat over night, but that is very rare, most the time it'll only lose 1% or 2% overnight when in airplane mode.
I do find I have a rapid battery drain when using wifi, I don't know the reason for this. I have used the UT Tweak Tool to ensure that suspension is prevented for the Terminal App and I use
screenin a Debian chroot for most things.
The last OTA upgrade didn't remove
cryptsetup, I'm not exactly sure why, in any case it is easy enough to reinstall it, in any case, if need be, just copy the file with the encrypted filesystem to a Linux machine and decrypt it there.