No encryption for system and data
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical System Image |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
There is still no possibility for any full encryption of data partition or system of the BQ device. It could be ecryptfs, LUKS oder someday the new direct ext4 encryption (PDF: http://
phablet@
Adding user `test' ...
Adding new user `test' (1007) with group `clickpkg' ...
Creating home directory `/home/test' ...
Setting up encryption ...
*******
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
ecryptfs-
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
*******
Done configuring.
Copying files from `/etc/skel' ...
passwd: Authentication token manipulation error
passwd: password unchanged
Try again? [y/N]
The version of the last test was a little while ago:
phablet@
current build number: 88
device name: generic_x86
channel: ubuntu-
last update: 2015-01-31 03:18:12
version version: 88
version ubuntu: 20150131
version device: 20150129
version custom: 20150131
phablet@
Maybe you get some encryption to work for us early adopters. We need no gui at the moment nor a official write-protected image without apt-get for this! But what we need: It should work. But how?
That would be very fine if you can help us to fix ecryptfs (passwd error) or to get another encryption to work. Tipps from Canonical developers, the security team and readers are very welcome too. Let's make a real and more secure alternative to other mobile systems. Let's encrypt. The sooner the better.
Greetings from Germany, lgd
| information type: | Private Security → Public Security |
| Pat McGowan (pat-mcgowan) wrote | #3 |
| Changed in canonical-devices-system-image: | |
| status: | New → Confirmed |
| Changed in canonical-devices-system-image: | |
| milestone: | none → backlog |
| Pat McGowan (pat-mcgowan) wrote | #4 |
The new ext4 encryption since kernel 4.1 is a option to implement it for the home partition. It is simple for folders. But it needs an automated decryption with the login screen with the PIN or password question. And it needs a option in the first welcome dialog.
It would be great for a milestone for this Ubuntu Touch with base of Ubuntu 16.04 LTS. Or maybe for the first convergence device but I think for this it is to late to implement this kernel. At the end of this page are some examples for "ext4-crypt create folder" and so on:
http://
It is still early stuff but maybe in kernel 4.2 and so on it's better integrated. Please verify one way to encrypt in a future release of one of the development channels when kernel 4.1 and higher is integrated. So you could test it early and make it more stable for the stable channels or give users of development channels a choice. Maybe it is saver to integrate ecryptfs from the Ubuntu desktop edition for now?
But many power users of your phone have a need for a security solution in the next 6-9 months or so. It is standard in Android 5, too.