Installation with FDE leads to unencrypted file system
Hi,
it seems that if I use the graphical installer and choose to erase the disk and install Trisquel along with encryption of the new installation (with all the partition defaults given by the installer later, no manual partitioning), the unencrypted partition does not contain only the data relevant for the boot process (which would be normal).
Instead, the unencrypted partition created is huge (ca. 15 GB) and contains the boot-relevant data as well as many, if not all, parts of the filesystem, including folders like bin, etc, usr and others. All of these are unencrypted and can be accessed in a live session without the passphrase.
Has anybody experienced this as well? Or have I done something wrong? As said, I have chosen all the defaults offered by the graphical installer, so there wasn't a big chance to set something wrong. This happened on Belenos as well as on Flidas.
Hope someone can help me with this. Thanks
Only /home is encrypted by default. I highly recommend encrypting the swap partition (your password may even be in there!) using these two command lines (although I am not sure of the order) while the swap is on, replacing /dev/sdaX with your swap partition (which may even be on a second disk, /dev/sdb):
$ echo 'cryptswap1 /dev/sdaX /dev/urandom swap,cipher=aes-cbc-essiv:sha256,offset=16' | sudo tee /etc/crypttab
$ sudo ecryptfs-setup-swap
Now, if you really want to encrypt the system (the most sensitive data are the logs, I guess; not that sensitive), there is this old manual (that you could update along the process): https://trisquel.info/en/wiki/full-disk-encryption-install
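One way to see what the installer actually did encrypt, as an added example that is not part of this thread: the script below reads the output of `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` (block-device chain) and `findmnt -n -t ecryptfs -o TARGET,FSTYPE` (home-folder encryption) and reports, for every mount point and for swap, whether the backing storage is dm-crypt (LUKS, or a crypttab swap like the one above), ecryptfs, or plain. A mount point counts as dm-crypt if any device below it in the chain is of type `crypt`, so LVM on LUKS is handled too. The two sample layouts embedded in the script are constructed for this example, as are the function names.

```shell
#!/bin/sh
# Added example, not code from the thread or from Trisquel.
# Usage on a live system (file names are this example's own choice):
#   lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT     > /tmp/lsblk.txt
#   findmnt -n -t ecryptfs -o TARGET,FSTYPE     > /tmp/ecryptfs.txt
#   classify_mounts /tmp/lsblk.txt /tmp/ecryptfs.txt

# classify_mounts LSBLK_FILE ECRYPTFS_FILE
# prints "<mountpoint> <plain|dm-crypt|ecryptfs>" per line, sorted
classify_mounts() {
  awk '
    # extract VALUE from a KEY="VALUE" pair of an lsblk -P line
    function field(line, key,   re) {
      line = " " line
      re = " " key "=\"[^\"]*\""
      if (match(line, re))
        return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
      return ""
    }
    FNR == NR {                              # first file: lsblk -P output
      n = field($0, "NAME");   t = field($0, "TYPE")
      p = field($0, "PKNAME"); m = field($0, "MOUNTPOINT")
      type[n] = t; parent[n] = p
      if (m != "") { dev[m] = n; seen[m] = 1 }
      next
    }
    $2 == "ecryptfs" {                       # second file: findmnt TARGET FSTYPE
      ecr[$1] = 1; seen[$1] = 1
    }
    END {
      for (m in seen) {
        status = (m in ecr) ? "ecryptfs" : "plain"
        # walk the block-device chain upward; any dm-crypt layer counts
        d = (m in dev) ? dev[m] : ""
        for (i = 0; d != "" && i < 16; i++) {
          if (type[d] == "crypt") { status = "dm-crypt"; break }
          d = parent[d]
        }
        print m, status
      }
    }
  ' "$1" "$2" | sort
}

# Constructed sample A: root on a plain partition, ecryptfs home folder,
# swap encrypted through /etc/crypttab (what the advice above produces).
write_sample_a() {
  cat > "$1" <<'EOF'
NAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/"
NAME="sda5" TYPE="part" PKNAME="sda" MOUNTPOINT=""
NAME="cryptswap1" TYPE="crypt" PKNAME="sda5" MOUNTPOINT="[SWAP]"
EOF
  cat > "$2" <<'EOF'
/home/alice ecryptfs
EOF
}

# Constructed sample B: classic LVM on LUKS, only /boot in the clear.
write_sample_b() {
  cat > "$1" <<'EOF'
NAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/boot"
NAME="sda5" TYPE="part" PKNAME="sda" MOUNTPOINT=""
NAME="sda5_crypt" TYPE="crypt" PKNAME="sda5" MOUNTPOINT=""
NAME="trisquel--vg-root" TYPE="lvm" PKNAME="sda5_crypt" MOUNTPOINT="/"
NAME="trisquel--vg-swap_1" TYPE="lvm" PKNAME="sda5_crypt" MOUNTPOINT="[SWAP]"
EOF
  : > "$2"                                   # no ecryptfs mounts
}

tmp=$(mktemp -d)
write_sample_a "$tmp/lsblk_a" "$tmp/ecryptfs_a"
write_sample_b "$tmp/lsblk_b" "$tmp/ecryptfs_b"
echo "== sample A: home-only encryption plus crypttab swap =="
classify_mounts "$tmp/lsblk_a" "$tmp/ecryptfs_a"
echo "== sample B: LVM on LUKS =="
classify_mounts "$tmp/lsblk_b" "$tmp/ecryptfs_b"
rm -r "$tmp"
```

Sample A prints `/ plain`, `/home/alice ecryptfs` and `[SWAP] dm-crypt`, which is exactly the situation described in the first post: everything under / readable from a live session, only the home folder and (after the crypttab step) swap protected. Sample B prints `/boot plain`, `/ dm-crypt`, `[SWAP] dm-crypt`. Anything other than `/boot` showing up as `plain` on a machine you believed to be fully encrypted is the finding to act on.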
Okay, thanks for making this clear. I thought the graphical installer's default was to encrypt everything except boot relevant data.
Is there a reason why by default only /home is encrypted?
So let's say I also encrypt swap and there is an attacker with physical access to the machine - wouldn't it be easier for him to mess with the OS or even break the encryption than it would be with "classic" full disk encryption (unencrypted boot partition with no more files than necessary for booting and everything else encrypted)?
Well yes, the attacker with physical access could install malware in your system, e.g., a keylogger that would send everything you type, including your password, to a server. If you do not immediately notice the attack, you are screwed. So, as far as I understand, Trisquel's default encryption only protects your data against the most common physical attack: laptop robbery.
However, I do not think the situation is any different with only /boot unencrypted: after all, the attacker can still change the kernel.
You can set a BIOS password, to enter every time, to prevent the attacker from booting a live system or from modifying GRUB's configuration to get a root terminal. And, of course, lock the screen whenever you leave your computer unattended.