Idea #22860: "Allow whole disk encryption from Ubuntu Desktop installer"

Ubuntu QA:

Blog

Brainstorm

Package status

The Ubuntu community has contributed 21549 ideas, 132424 comments, 2606791 votes

All more
Projects more
Global categories more
- Accessibility
- Documentation
- Education
- Gaming
- Graphics
- Hardware support
- Installation
- Internet & Networking
- Look and Feel
- Marketing
- Multimedia
- Office
- Programming
- Quality
- Security
- Server
- System
- Usability
- Others

Idea sandbox

Popular ideas

Ideas in development

Implemented ideas

Idea #22860: Allow whole disk encryption from Ubuntu Desktop installer

Written by tdn the 7 Dec 09 at 16:13. Related project: Live CD installer. Status: New

Rationale

Currently the Ubuntu Desktop installer does not allow the user to set up whole disk encryption (with lvm/luks). However, this is easily done though the "Guided - use entire disk and set up encrypted LVM" option in the alternate installer. This should also be possible via the desktop installer.

Tags: alternate encryption installer luks lvm

118
votes

40
votes

Solution #2: add checkbox to partition list

Written by theonebshaw the 10 Dec 09 at 21:20.

I think it would be better to not clutter up the preset area and instead, when you select manual setup, add a check box similar to the current 'format partition' checkbox that allows you to encrypt certain applicable partitions... partitions that are irrelevant for encryption(like a current ntfs or a swap partition) would be darked out and not allow you to check them.

This would allow those who need/want encryption to easily install it and would avoid confusing other less tech-savvy users who just want to get Ubuntu installed on their computer.

5
votes

Propose your solution

Attachments

No attachments.

Duplicates

Idea #1857: setup encrypted LVM from Live CD (3 votes)

[Report a duplicate and merge its votes to this idea]

Comments

jeypeyy wrote on the 9 Dec 09 at 08:24

Can you please tell why disk encryption is important and what it really does. I don't think everyone knows.

I think that if there would be such an option, there should be a "what's this?" next to it. The GUI installer is intended to be user friendly, please keep it so.

krs wrote on the 9 Dec 09 at 13:33

I think encryption of the system files is more a performance loss than a security feature. It's more important to encrypt user data than system files.

Otus wrote on the 10 Dec 09 at 14:36

@AndrewLuecke

If someone gains physical access to your machine, there is no way to stop them from compromising it. Even with full disk encryption they could rewrite the decryption software with an exploit (cf. the "evil maid" attack).

Full disk encryption has limited use cases. Anyone who needs it can probably use the alternate install, but I suppose it wouldn't hurt to have it behind some "advanced" button in the graphical installer too.

Policies for encrypted removable drives, however, seem like a good idea.

tdn wrote on the 23 Dec 09 at 14:58

Appearently there is also no way to install Ubuntu Netbook Remix with whole disk encryption.

Home dir encryption is not enough, as private data can be placed in swap. Also, some of the files under /var, /etc, /root, etc. can be very sensitive also.

Lots of corporations and governments require that all laptops/netbooks have whole disk encryption set up. And this is good. It is a shame, that they cannot use Ubuntu Desktop Installer because of this lacking feature. Especially considering how trivial it must be to implement, when the code is already there in the alternate installer.

asobi wrote on the 25 Mar 11 at 22:13

I almost can't believe this hasn't been implemented yet. It's ridiculous that with every new version of Ubuntu I have to carry around two discs: one liveCD to ensure hardware compatibility before I install, and one "alternate" CD to actually do the install (with full-disk encryption).

Post your comment

Submit your idea