UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Encrypting data at rest?

    Scheduled Pinned Locked Moved Support
    4 Posts 4 Posters 396 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
      Reply
      • Reply as topic
      Log in to reply
      This topic has been deleted. Only users with topic management privileges can see it.
      • B Offline
        bayesian
        last edited by

        In my opinion, encryption at rest is a minimal requirement for a phone. I know that the developers don't have a lot of time and a big wish list.

        I found this guide here:
        https://forums.ubports.com/topic/1012/one-method-to-encrypt-home-phablet/1

        The thread is very old. Have there been any new developments?

        1 Reply Last reply Reply Quote 0
        • arubislanderA Offline
          arubislander
          last edited by

          That thread still accurately represents the current state of affairs.

          πŸ‡¦πŸ‡Ό πŸ‡³πŸ‡± πŸ‡ΊπŸ‡Έ πŸ‡ͺπŸ‡Έ
          Happily running Ubuntu Touch
          Google Pixel 3a (20.04 DEV)
          JingPad (24.04 preview)
          Meizu Pro 5 (16.04 DEV)

          1 Reply Last reply Reply Quote 0
          • dobeyD Offline
            dobey
            last edited by

            Encryption is still an iffy topic for things like Ubuntu Touch, for several reasons, some of which are solvable, and some which aren't:

            1. ecryptfs is deprecated upstream
            2. We don't have access to hardware backed key storage
            3. We don't have usable OSK in recovery
            4. We can't re-lock the bootloader
            T 1 Reply Last reply Reply Quote 0
            • T Offline
              trainailleur @dobey
              last edited by

              @dobey said in Encrypting data at rest?:

              Encryption is still an iffy topic for things like Ubuntu Touch, for several reasons, some of which are solvable, and some which aren't:

              1. ecryptfs is deprecated upstream
              2. We don't have access to hardware backed key storage
              3. We don't have usable OSK in recovery
              4. We can't re-lock the bootloader

              I agree with points 2, 3, and 4. Re. point 1, that is true, but fortunately crytpsetup and LUKS are not deprecated, and that's what a few of us I know who run encrypted home are using. It's an imperfect solution and probably not an effective barrier to a skilled attacker, but I feel reasonably comfortable it would stop most people who find or steal a phone from viewing the contents.

              Re. 3, PMOS has an OSK they can build into their initramfs, but I'm not sure it supports anything other than ASCII so without further development might not be a solution for many users even if it could be ported to UT and placed somewhere in both the boot process and recovery.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post