Encrypted $HOME Now Offerred at Installation
Ubuntu Karmic Alpha5 image now offers home directory encryption as an option to all installing users!.We introduced Encrypted Private Directories in the Ubuntu 8.10 release, using eCryptfs (an enterprise cryptographic filesystem in the Linux kernel) on $HOME/Private. This release helped "prove" eCryptfs, and helped us identify and fix a number of issues. This new approach to encrypted private data in Ubuntu provided a safe folder where users could store confidential information, automatically mounted at login, and unmounted at logout.
In Ubuntu 9.04, we retained the Encrypted Private Directory feature, but additionally offered Encrypted Home Directories to advanced users, through the alternate installer and a special boot parameter. This release generated quite a bit of interest in the feature and a healthy user community. Many, many thanks to the Ubuntu users and developers who used this feature, helping to file and fix bugs along the way.
Read Full Story from here
It was already offered at installation now its just in a different place… Must be a slow news day.
What about users who upgrade to this version?
are they able to somehow enable the feature or anyone who want this feature must perform a clean install?
I doubt I’ll use this until there is some way to boot a livecd and mount the encrypted partition without much effort (with the key of course). I’d love to have my /home encrypted but don’t want to have to fiddle with trying to get my data back should the install go belly-up
You already can mount the thing w/o too terribly much trouble providing you have the key…
As far as wanting to do the install most are going to want to install this one from the ground up anyway as it now has EXT4 as a default file system.
Not upgrading to the new file system type is leaving a lot of performance improvement on the table.
I use a LUKS and LVM setup. Still don’t see a real reason to switch.
It IS really easy to do exactly what you saying.
1.Unlock the LUKS partition with pass-phrase.
2.Activate the LVM group.
3.Mount the logical volume.
I still think that the encrypted private directory is the best way to go. Its less performance hit and you still have the protection. I honestly don’t see it being too big of an issue if someone really cared to spend the time to find my cookies and bookmarks and application settings. What few apps that store things in plain text (like remote desktop files from the TSC app and what not) I can put those settings in the private folder. Then tax things and other sensitive materials from work I can store there. Beyond that I’d rather have the performance. An encrypted ~ added a big hit to the boot performance a few versions ago when I was doing some testing. One of the main reasons I run Linux is for the performance. An encrypted ~ is a lot like having to have a virus scanner running in the background on Windows all the time. Cept its a little more necessary when running a scanner in Windows.
Brett, It was offered before but ONLY if you used the alternate install CD. This option makes it so much easier.
I just finished setting up a Jaunty laptop with home directory encryption and it wasn’t as easy to do as entire hard drive encryption either. The only option before was entire partition encryption, not specifically home directory encryption.
I highly recommend home dir encryption for everyone – entire drive encryption has a noticeable performance hit.