EFF delivers easy full-disk encryption for Ubuntu

Douglas sez,

18 months ago Boing Boing posted about EFF's effort to get Ubuntu to make full disk encryption (FDE) easy upon install. EFF has delivered.
I'm sure many of us have had and continue to have the experience of trying to nudge someone (or ourselves) over from OS X or Windows to GNU/Linux and LUKS full disk encryption, but the process got roadblocked at some point because using the alternate installer to config the partitions and all for FDE was just too much of a hassle for parties involved. Now in Ubuntu 12.10, FDE is just a tickbox in the default installer. How cool is that?
This means it's a good time to donate to EFF. And if you're using Ubuntu 12.10, don't forget to fix the privacy problems for which EFF provides a tutorial (thanks again!).

(Thanks, Doug!)

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: crypto • eff • floss • happy mutants • security • ubuntu

More at Boing Boing

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

The Snowden Principle

benenglish

I have never had a bit of problem using the alternate install disk to get whole-disk encryption when installing Ubuntu. I’ve been doing it for a bunch of releases already.

Two tips

First, the “using the alternate installer to config the partitions … was just too much of a hassle” is (now, was) a legit complaint. I always just selected the check box to let the installer have the complete disk. This seems like a useful improvement that will encourage FDE use for more people. Yay.

Second, have they solved the “impossible to upgrade” problem yet? I have *never* successfully upgraded version numbers for a Ubuntu machine with FDE. After beating my head against the wall a hundred different ways over the years, I find that the only method that works for a version number upgrade is to back up the boot disk, use a disk wiper to *fully* overwrite that disk (*especially* the boot sector), then do a new install from scratch.

Congrats to Canonical for delivering something that lots and lots of people have been asking for for a long time.

The best news in the article, though? It looks like this improvement will carry over to the next Mint release. I think I just decided to delay my next Ubuntu upgrade; I was going to do it this weekend. Mint 14, here I come!
http://billmcgonigle.com bill_mcgonigle

I had no idea it was that hard – Fedora has had this as a basic feature for years. Upgrades work without hesitation.
- hanoverfiste
  
  Ii have been using Fedora daily for 11 months now I actually didn’t realize that this was a feature. As for the upgrading, Beefy Miracle wasn’t painless. The day after I gave up and did a fresh install I found the work around for the problem with 15 and 16 having the same core name. Oh well, over the years I have learned a lot from starting over.
herklots

The problem with Ubuntu’s default installation is they don’t make a separate partition for / (system stuff) and /home (your stuff). Linux should be set up with 4 partitions: boot (100MB), swap (same size as you RAM is a good), / (10 to 20GB), and /home (rest of drive). Encrypt all but the boot partition. Now it’s easy to slap a new Linux on by telling the installer to keep the existing partitions, re-format the boot and / ones, but keep the /home as is.
- Sigmund_Jung
  
  Newbie question: how do you read your encrypted /home if you add a whole new / ? If that’s possible, doesn’t it defeat the purpose of encryption (I mean, I could steal a notebook, wipe the / , add my own system and read the /home contents?)
  - http://mattdm.org/ Matthew Miller
    
    Each partition is encrypted independently, and you remember the passphrase even when you reinstall /.
http://www.facebook.com/profile.php?id=661600086 David Huff

Be happy to try Ubuntu again once the problem of “(decent) ATI graphics cards support”is fixed. No, sorry…I can’t afford to replace it with NVIDIA just to get that support, either.

Been using Linux since RedHat 5 or thereabouts, and tried Ubuntu as recently as a year or so ago. Getting the ATI card working was hideous. Brought me back to the (not so) Good Ol’ Days of editing X11 conf files by hand :P
herklots

I found the best instructions at http://joernfranz.net/2011/01/20/installing-ubuntu-10-10-with-full-disk-encryption/, but the site is dead. I put a PDF of the instructions at http://home.comcast.net/~herklots/Installing%20Ubuntu%2010.10%20with%20LVM.pdf which I use whenever I use this, because there are a lot of details. Note that some of the screenshot pics don’t quite agree with the text (the text is correct).