UBports Robot Logo UBports Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login
    1. Home
    2. chrisc
    3. Best
    Offline
    • Profile
    • Following 0
    • Followers 0
    • Topics 3
    • Posts 20
    • Groups 0

    Posts

    Recent Best Controversial
    • One method to encrypt /home/phablet

      Hi, I'm posting this here in case anyone else wants to encrypt their /home/phablet directory, I'd strongly suggest that only people who know their way around Linux via the command line do this…

      This is easier to do if you have ssh access to the phone, to enable that use the UT Tweak Tool or do it using the command line, in this example $GITHUBUSERNAME is your GitHub username and it assumes your public SSH keys are available at this URL, you could also use adb to push your public keys to the phone:

      android-gadget-service enable ssh
      cd
      mkdir .ssh
      chmod 700 .ssh
      cd .ssh
      wget https://github.com/$GITHUBUSERNAME.keys -O authorized_keys
      chmod 600 authorized_keys
      

      You can then ssh to the phone as the phablet user.

      Install cryptsetup, by remounting root read write (do not run apt-get upgrade — only install packages that are essential to you like this):

      mount -o rw,remount /
      apt-get update
      apt-get install cryptsetup
      mount -o ro,remount /
      

      Create a 2G disk, encrypt it, format it, mount it, rsync data to it, unmount and remount it and restart the display manager:

      sudo -i
      cd /home
      fallocate -l 2G phablet.img
      cryptsetup luksFormat phablet.img
      cryptsetup luksOpen phablet.img phablet
      mkfs.ext4 /dev/mapper/phablet
      mkdir /media/phablet
      mount /dev/mapper/phablet /media/phablet
      rsync -av /home/phablet/ /media/phablet/
      umount /media/phablet/
      mount /dev/mapper/phablet /home/phablet
      cd /tmp
      nohup /etc/init.d/lightdm force-reload
      

      If everything is OK you might then want to delete the extra copy of the data at /home/phablet, or if you have done this on an initial install install of the phone you might want to leave that where it is since the phone will then appear to have no data on it when booted and your data will only appear after you have decrypted and mounted the disk:

      sudo -i
      cryptsetup luksOpen phablet.img phablet
      e2fsck /dev/mapper/phablet 
      mount /dev/mapper/phablet /home/phablet
      cd /tmp
      nohup /etc/init.d/lightdm force-reload
      
      posted in Support
      chriscC
      chrisc
    • RE: One method to encrypt /home/phablet

      @trainailleur thanks for you help with this and I'm glad it has been of use, I have updated the top post with your method to restart the display manager.

      As I said in the top post, "I'd strongly suggest that only people who know their way around Linux via the command line do this…"

      I have also added a e2fsck /dev/mapper/phablet line — if your phone goes flat or has to be forcibly power cycled it can result in some disk inconsistency so best check before mounting.

      I don't have a SIM card in my Ubuntu Touch OnePlus One (in fact I have the mobile phone network modem switched off via /usr/share/ofono/scripts/disable-modem /ril_0), I only use WiFi and also have an encrypted Debian Stretch chroot on the phone (which also runs a SSH server) that I use for most things and I run all my terminal sessions in screen so that when there is the occasional display manager crash I don't lose them. I also make a lot of use of git and mosh and ansible (via Debian backports) — I don't like carrying a laptop around all the time but I like to be able to do emergency sysadmin work from anywhere and the Ubuntu Touch phone enables this.

      I have terrible battery life when WiFi is on, I generally only have it on when it is plugged in or when doing something in an emergency, I use my LineageOS OnePlus 3 (without Gapps) as a hotspot and connect via that. When the WiFi is off I have excellent battery life, the phone might only drop 1% overnight even with multiple mosh sessions running in screen in the Debian chroot with Prevent app suspension enabled for the Terminal app via the UT Tweak Tool.

      I have some old notes on some other tricks on a wiki, but I haven't updated that for a couple of years so much of it might be outdated.

      posted in Support
      chriscC
      chrisc
    • RE: UBports Community Update 13 | September 30, 2017

      @contraire I have been using Luks encrypted partitions on Ubuntu Touch for a few years and there are some notes on this here, I've just got a OpenPlus One (I did have a 8GB Nexus 4) and now I have space to setup a encrypted Debian Stretch chroot so I'm having a play with that...

      posted in General
      chriscC
      chrisc
    • RE: One method to encrypt /home/phablet

      @malditobastardo run sudo -i to become root.

      posted in Support
      chriscC
      chrisc