For more security: Overwrite empty disk space option is ignored
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ubiquity (Ubuntu) | Triaged | High | Unassigned | |
Bug Description
Hi,
as far as I understand, the "Encrypt the new Ubuntu installation for security" option in the Ubuntu installer is meant to provide full disk encryption.
However, when using that option, it seems as if the encryption finishes instantly; it literally does not seem to take any time at all.
When using BitLocker on Windows to encrypt the entire disk, it can take hours to fully encrypt the disk, even on SSDs. With BitLocker and other encryption tools like DiskCryptor or TrueCrypt for example, there's also a progress indicator, which shows how much of the disk is encrypted already.
Why is that not the case with the "Encrypt the new Ubuntu installation for security" option in the Ubuntu installer?
Even on my 1 TB SSD the encryption seems to be set up instantly and there's no progress indicator whatsoever.
How's that possible?
Someone on the forum said:
> http://
>
> Data doesn't become encrypted until written
But if that is true, then the "Encrypt the new Ubuntu installation for security" option in the installer is not full disk encryption at all.
If he is correct, then it does not encrypt the entire disk. It only encrypts used disk space. The empty space is not encrypted.
At least with BitLocker you have the option to choose between encrypting used disk space only or encrypting the entire disk; see the following screenshot, for example:
https:/
On the forum it was also mentioned that:
> http://
>
> If you want to randomly initialize the storage areas PRIOR to writing anything,
> that will take some. I seem to recall it being an optional checkbox for the installation.
And, indeed, there is a "For more security: Overwrite empty disk space (The installation might take much longer.)" option on the next screen after the screen which has the "Encrypt the new Ubuntu installation for security" option.
Now, the question is: If that option is checked, does it just overwrite the empty disk space? Or does it also encrypt it?
I was assuming that it only overwrites it with zeros before encrypting it. I was assuming that the entire disk would be encrypted anyway using the "Encrypt the new Ubuntu installation for security" option, regardless of the "For more security: Overwrite empty disk space (The installation might take much longer.)" option.
Regards
information type: Public → Public Security
description: updated
summary:
- "Encrypt the new Ubuntu installation for security" option does not seem to provide proper full disk encryption?
+ For more security: Overwrite empty disk space option is ignored
Changed in ubiquity (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
There is no data on the drive yet, so there isn't a lot of work to be done. All it has to do is configure the system to encrypt everything that gets written to the disk from now on.
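One way to check from the outside whether the free space of an encrypted install was actually overwritten, as an added example that is not part of this bug report or of ubiquity: it samples blocks of the raw device and counts how many look random. The function names, the 4096-byte block size, the 7.9 bits/byte threshold and the in-memory sample images are assumptions made for illustration.

```python
import io
import math
import os
from collections import Counter

BLOCK = 4096         # bytes per sample (assumption)
RANDOM_BITS = 7.9    # bits/byte at or above which a block counts as random-like (assumption)

def entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(block: bytes) -> str:
    """'zero' = all zero bytes, 'structured' = readable data,
    'random-like' = ciphertext or a random overwrite."""
    if block.count(0) == len(block):
        return "zero"
    return "random-like" if entropy(block) >= RANDOM_BITS else "structured"

def survey(dev, size: int, samples: int = 64) -> Counter:
    """Classify evenly spaced blocks of a seekable raw device or image."""
    step = max(BLOCK, size // samples // BLOCK * BLOCK)
    seen = Counter()
    for offset in range(0, size - BLOCK + 1, step):
        dev.seek(offset)
        seen[classify(dev.read(BLOCK))] += 1
    return seen

def make_image(blocks: int, written: int, wiped: bool) -> io.BytesIO:
    """Constructed sample disk: the first `written` blocks hold ciphertext
    (random bytes stand in for it); the rest is free space."""
    data = bytearray()
    for i in range(blocks):
        if i < written or wiped:
            data += os.urandom(BLOCK)                           # ciphertext / random fill
        elif i % 2:
            data += bytes(BLOCK)                                # untouched, reads as zeros
        else:
            data += (b"old plaintext record\n" * 200)[:BLOCK]   # stale pre-install data
    return io.BytesIO(bytes(data))

if __name__ == "__main__":
    for label, wiped in (("overwrite ignored", False), ("overwrite honoured", True)):
        print(label, dict(survey(make_image(64, 16, wiped), 64 * BLOCK)))
```

On a real system the input would be the raw partition that holds the encrypted container, opened read-only. The container's own header at the start is not random-like, so judge the result by the blocks past it.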