One method to encrypt /home/phablet



  • @malditobastardo check that you have the correct entries in your sources.list and do an apt update before trying to install that package



  • @malditobastardo run apt-get update first, it is in Xenial.



  • @chrisc Hello Sir, thank you for your answer.

    I just realized that I am getting tons of errors when trying to do apt-get update

    ( Could not open file /var/lib/apt/lists/partial/ports.ubuntu.com_ubuntu-ports_dists_xenial-updates_main_source_Sources.xz - open (13: Permission denied) [IP: 91.189.88.150 80])
    Similar lo this.

    Maybe is a ubports server issue?
    @advocatux

    and this:

    "phablet@ubuntu-phablet:~$ sudo mount -o rw,remount /
    [sudo] password for phablet:
    phablet@ubuntu-phablet:~$ apt-get update
    Reading package lists... Done
    W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
    E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
    E: Unable to lock directory /var/lib/apt/lists/
    W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
    W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)"

    Ok I needed "sudo", is that normal??? (installing cryptsetup)



  • @malditobastardo run sudo -i to become root.



  • @trainailleur I only have a OnePlus One at the moment and sometimes it takes a while for the display to come back up after a /etc/init.d/lightdm restart and yes it is easier doing it via SSH.



  • @chrisc First step done! I am getting this in the second part:

    sent 40,788,174 bytes received 21,557 bytes 16,323,892.40 bytes/sec
    total size is 40,668,865 speedup is 1.00
    root@ubuntu-phablet:/home# umount /media/phablet/
    root@ubuntu-phablet:/home# mount /dev/mapper/phablet /home/phablet
    root@ubuntu-phablet:/home# cd /tmp
    root@ubuntu-phablet:/tmp# nohup /etc/init.d/lightdm force-reload
    nohup: ignoring input and appending output to 'nohup.out'
    root@ubuntu-phablet:/tmp# cd
    root@ubuntu-phablet:~# cryptsetup luksOpen phablet.img phablet
    Device phablet.img doesn't exist or access denied.

    edit: is this step needed? (I did this in a fresh install). Should I just leave the "phablet.img" sitting there (2GB) in /home/phablet?

    edit2: ok I am starting to understand how this works.. I think. So after a restart of the phone I can't see any of my files, config, photos, etc. so it looks like every time I restart or shutdown my phone I need to "decrypt" the disk manually. The issue is that I am trying to follow the steps mentioned in the guide but I am getting access denied? Is this correct? Its normal that I have to decrypt everytime i restart the phone?

    Edit3: Ok so I managed to "decrypt" and I have all of my files back again. I had to run the commands in /home to make it work (mybad).
    Anyway, whats the best way to decrypt the phone? Because most of the times in don't have the chance to ssh into my phone and I usually restart the device 2-3 times per day, so doing this everytime is kind of PIA πŸ™‚ . There is no easy way to deal with this? Otherwise I may just reset the phone and wait for a proper way to Encrypt the phone in the future 😞 .
    Thanks everyone for everything specially @chrisc !!!



  • @malditobastardo said in One method to encrypt /home/phablet:

    ...
    phablet@ubuntu-phablet:~$ apt-get update
    ...
    Ok I needed "sudo", is that normal??? (installing cryptsetup)

    As far I know, you always need sudo when doing apt-get install, or apt-get update. For me this works:

    phablet@ubuntu-phablet:~$ sudo apt-get update
    


  • @chrisc said in One method to encrypt /home/phablet:

    @trainailleur I only have a OnePlus One at the moment and sometimes it takes a while for the display to come back up after a /etc/init.d/lightdm restart and yes it is easier doing it via SSH.

    I had inconsistent results with restart (sometimes display would never return, and other times it would return but with wifi broken, though I admit I have no idea what would cause that to happen. ☺ ), but force-reload has worked every time so far.

    Thank you again for your help with this!

    @malditobastardo said in One method to encrypt /home/phablet:

    edit: is this step needed? (I did this in a fresh install). Should I just leave the "phablet.img" sitting there (2GB) in /home/phablet?

    Sorry I was offline when all of your questions came up. Glad @chrisc was here to help!

    You could put it anywhere, so long as it's on a writable filesystem. Since much of the UBPorts filesystem is not writable by default, /home seems a good place to me.

    edit2: ok I am starting to understand how this works.. I think. So after a restart of the phone I can't see any of my files, config, photos, etc. so it looks like every time I restart or shutdown my phone I need to "decrypt" the disk manually. The issue is that I am trying to follow the steps mentioned in the guide but I am getting access denied? Is this correct? Its normal that I have to decrypt everytime i restart the phone?

    Yes, normal. You could write a script or create a bash alias to make it simpler. Since I'm still tinkering, I've not yet done this but plan to.

    Edit3: Ok so I managed to "decrypt" and I have all of my files back again. I had to run the commands in /home to make it work (mybad).
    Anyway, whats the best way to decrypt the phone? Because most of the times in don't have the chance to ssh into my phone and I usually restart the device 2-3 times per day, so doing this everytime is kind of PIA πŸ™‚ . There is no easy way to deal with this? Otherwise I may just reset the phone and wait for a proper way to Encrypt the phone in the future 😞 .

    Use the built in terminal application, and you won't have to ssh. ☺ ssh is useful for doing a lot of setup, but just to unlock and mount the crypt is only a few commands and easy enough to type in the terminal. Just note what my earlier posts said about the steps I had to take to get lightdm to restart when run from the local terminal on the phone as opposed to ssh. I agree that ssh isn't a good solution to unlocking the phone, which is why I kept chipping away at it until I found steps which would work in the on-board terminal.

    I may have a bit of an advantage in that from other work I'm extremely used to typing cryptsetup commands by hand and could type them in my sleep (I have in fact dreamt them before 😨 ), but it's pretty easy to set up bash aliases or write a simple bash script if you have trouble remembering the steps or syntax or simply want to save the hassle of typing on a software keyboard.

    Thanks everyone for everything specially @chrisc !!!

    I'm delighted to know there are now at least three of us doing this. ☺



  • @trainailleur thanks for you help with this and I'm glad it has been of use, I have updated the top post with your method to restart the display manager.

    As I said in the top post, "I'd strongly suggest that only people who know their way around Linux via the command line do this…"

    I have also added a e2fsck /dev/mapper/phablet line β€” if your phone goes flat or has to be forcibly power cycled it can result in some disk inconsistency so best check before mounting.

    I don't have a SIM card in my Ubuntu Touch OnePlus One (in fact I have the mobile phone network modem switched off via /usr/share/ofono/scripts/disable-modem /ril_0), I only use WiFi and also have an encrypted Debian Stretch chroot on the phone (which also runs a SSH server) that I use for most things and I run all my terminal sessions in screen so that when there is the occasional display manager crash I don't lose them. I also make a lot of use of git and mosh and ansible (via Debian backports) β€” I don't like carrying a laptop around all the time but I like to be able to do emergency sysadmin work from anywhere and the Ubuntu Touch phone enables this.

    I have terrible battery life when WiFi is on, I generally only have it on when it is plugged in or when doing something in an emergency, I use my LineageOS OnePlus 3 (without Gapps) as a hotspot and connect via that. When the WiFi is off I have excellent battery life, the phone might only drop 1% overnight even with multiple mosh sessions running in screen in the Debian chroot with Prevent app suspension enabled for the Terminal app via the UT Tweak Tool.

    I have some old notes on some other tricks on a wiki, but I haven't updated that for a couple of years so much of it might be outdated.



  • @chrisc @trainailleur Hey guys, thanks for your help!

    Ok so everything is working fine with ssh after each restart etc. I was also experimenting doing it by the phone terminal but when I go that route I only get half of my config working. For example, the contacts are not visible, the changes made with UTweaktool are not present, the keyboard theme etc. Sadly for some reason doing it by the terminal only decrypt half of my config or something like that. I don't know why.
    Also I noticed a worse battery perfomance in my Nexus 5. It was 65% 8 hours ago before going to sleep and today in the morning the phone was dead. Other than that. I will try to figure out why decrypting the phone via the terminal is not working for me, if I manage to get that working or by a script/bash alias I will keep with the encryption long term. Let's see.. Thank you again.

    One more thing, I am also experiencing the wifi dissapearing sometimes, usually I fix that by restarting once the phone.

    edit2: after trying to decrypt with the new commands, it worked well doing it from the phone terminal πŸ™‚


Log in to reply