UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Encrypting data at rest?

    Support
    4
    4
    288
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bayesian
      last edited by

      In my opinion, encryption at rest is a minimal requirement for a phone. I know that the developers don't have a lot of time and a big wish list.

      I found this guide here:
      https://forums.ubports.com/topic/1012/one-method-to-encrypt-home-phablet/1

      The thread is very old. Have there been any new developments?

      1 Reply Last reply Reply Quote 0
      • arubislanderA
        arubislander
        last edited by

        That thread still accurately represents the current state of affairs.

        πŸ‡¦πŸ‡Ό πŸ‡³πŸ‡± πŸ‡ΊπŸ‡Έ πŸ‡ͺπŸ‡Έ
        Happily running Ubuntu Touch
        BQ Aquaris M10 FHD (16.04 RC)
        Google Pixel 3a (20.04 DEV)
        JingPad (20.04 DEV)
        Meizu Pro 5 (16.04 DEV)
        PinePhone / PineTab UT CE (20.04 daily)

        1 Reply Last reply Reply Quote 0
        • dobeyD
          dobey
          last edited by

          Encryption is still an iffy topic for things like Ubuntu Touch, for several reasons, some of which are solvable, and some which aren't:

          1. ecryptfs is deprecated upstream
          2. We don't have access to hardware backed key storage
          3. We don't have usable OSK in recovery
          4. We can't re-lock the bootloader
          T 1 Reply Last reply Reply Quote 0
          • T
            trainailleur @dobey
            last edited by

            @dobey said in Encrypting data at rest?:

            Encryption is still an iffy topic for things like Ubuntu Touch, for several reasons, some of which are solvable, and some which aren't:

            1. ecryptfs is deprecated upstream
            2. We don't have access to hardware backed key storage
            3. We don't have usable OSK in recovery
            4. We can't re-lock the bootloader

            I agree with points 2, 3, and 4. Re. point 1, that is true, but fortunately crytpsetup and LUKS are not deprecated, and that's what a few of us I know who run encrypted home are using. It's an imperfect solution and probably not an effective barrier to a skilled attacker, but I feel reasonably comfortable it would stop most people who find or steal a phone from viewing the contents.

            Re. 3, PMOS has an OSK they can build into their initramfs, but I'm not sure it supports anything other than ASCII so without further development might not be a solution for many users even if it could be ported to UT and placed somewhere in both the boot process and recovery.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post