Ubuntu
ubiquity package

full-disk encryption should hide/de-emphasize encrypted homedirs

Bug #1055797 reported by Steve Langasek
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)
Triaged
Low
Mathieu Trudel-Lapierre

Bug Description

A customer has noted that in the quantal installer, if you choose full-disk encryption with LUKS you are then *also* offered the option to enable homedir encryption with ecryptfs. The latter option should probably be de-emphasized when LUKS has been chosen.

Tags: needs-design
Revision history for this message
Steve Langasek (vorlon) wrote :

Dmitrijs, this isn't critical to fix for quantal, but as you're hip-deep in the relevant code I thought I'd bring this to your attention in case you think it's an easy fix.

Changed in ubiquity (Ubuntu):
assignee: nobody → Dmitrijs Ledkovs (xnox)
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

I will talk with mpt about this one.

My argument is that ecryptfs still has its use-cases even with the full disk encryption enabled, e.g. in multi-user/mutli-admin environment.

On the other hand, I do agree that ecryptfs is easy to enable/disable post-install and that full-disk encryption covers more encryption/privacy use cases.

tags: added: needs-design
Revision history for this message
Mark Russell (marrusl) wrote :

It's deselected by default; maybe a warning could appear if you select it: "You have already selected full disk encryption. Are you sure you want to also encrypt home directories?"

I agree there's a potential use case. But it must be pretty rare. FDE seems to be more often enforced on laptops, which aren't usually multi-user. You could hide it and allow for preseeding or warn?

Thanks.

Dimitri John Ledkov (xnox)
Changed in ubiquity (Ubuntu):
assignee: Dimitri John Ledkov (xnox) → Mathieu Trudel-Lapierre (mathieu-tl)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.