| Summary: | Request: Allow easier encryption of auto-allocated /home partition while installing | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | psyca <linux> |
| Component: | Installer | Assignee: | Mageia Bug Squad <bugsquad> |
| Status: | RESOLVED WONTFIX | QA Contact: | |
| Severity: | enhancement | ||
| Priority: | Normal | CC: | fri, mageia, tmb |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | CVE: | ||
| Status comment: | |||
| Attachments: |
Example
installer |
||
|
Description
psyca
2020-03-08 21:28:42 CET
psyca
2020-03-08 21:28:56 CET
Summary:
Allow easier /home encryption while installing =>
Request: Allow easier /home encryption while installing Created attachment 11545 [details]
Example
Example
Step 1 : Select Custom disk partitioning
Step 2 : Click the box "Encrypt /home"
Step 3 : Enter Password
Step 4 : Auto allocate
No time now to check this out, but a couple of things strike me. 1) > The only way to encrypt [the /home partition] is to (for example) delete > the automatic created/calculated /home partition, create a new /home > partition manually and tick the checkbox "encrypted". For someone who wants to do this, this does not seem arduous. What would happen in an 'automated' partition choice where /home is included under '/' rather than separately? 2) I was unclear about "automatic partitioning" (where I think you propose the additional encrypted option) v "Select Custom disk partitioning" where the user decides everything. I will look at this tomorrow with an installer to clarify what is being asked. > Encrypting the /home is especially for SSDs recommended, because they have > an completely different file/datamanagement and maybe dont delete every > data if you format/overwrite existing data. This is also true for hard discs. CC:
(none) =>
lewyssmith Yea. Its a bit wired. Personaly i make everytime a clean install of the system and no upgrades (from MGA1 to 2 to 3 to 4 to 5 to 6 to 7) and select "Custom disk partitioning" -> Auto allocate (what i mean as automatic partitioning"), delete after that the allocated /home and create a new /home with encryption. It would be (for me) easier to select "encrypt /home" before allocate the partitions and than click on allocate to have directly an allocated encrypted /home. Also maybe this feature in the first step/window where you can choose between "use free space" or "custom disk partitioning" could be useful. Where you select "use free space with /home encrypted" But yea, i see your point where / is also the /home partition on drives with less space or if the user want this way. it's just an idea what could be changed maybe. OK, I have played as far as I dare without messing up my disc, and see more precisely what you are asking & where. I noticed that any partition manually *created* offers encryption . You are referring specifically to "Custom disc partitioning", and the bottom *Auto allocate* button of that - overall, just one of many possible partitioning paths. Clicking that alone showed nothing; I did not click the 'Done' button to see what would happen, but imagine that the last part of your useful screenshot shows the result: 3 partitions, / Swap /home . Not having spare hardware to explore further, it would be interesting to know what options you get when you click on the proposed /home partition on this auto-allocated screen; for *this* seems to be the place to ask for encryption. (It cannot be offered for the auto-allocated / partition since the included /boot cannot be encrypted). Can you attach screenshot(s) showing all the options available when you click on the *auto-allocated /home partition*, to see whether that would be a sensible place to ask for its encryption? Summary:
Request: Allow easier /home encryption while installing =>
Request: Allow easier encryption of auto-allocated /home partition while installing Automatic allocating plus encrypting /home seem to ask for trouble as it is hard to change size if you i.e need more / space. Also encrypting only /home is not enough to keep all secrets, as long as you have swap and /tmp unencrypted, and some interesting settings and logs are found in /etc and /root /var/log... Better is to create small /EFI and /boot, then one large encrypted pv for LVM, and inside that swap, /, /home. Leave unused space, and it is easy to extend partitions inside the LVM using diskdrake, while running! From command line you can even do snapshots. I always use LVM even when no encryption is needed, ju just dont tick that box. So IF there shopuld be an encryption check box for automatic partitionin i would strongly suggest it use LVM, and vreate /, /home /swap within, and maybe leave 30% inside LVM unused, for user to extend into when whatever partition need that. CC:
(none) =>
fri Thanks for your comment Morgan. It gets away from the 'automatic allocation' aspect that psyca is talking about - keep it simple. The moment you go beyond that, it is clearly up to you. I was just hoping to see whether there is an *easy* place where the option he requests could be slipped in. Perhaps nowhere. I have to retire from this now, so CC'ing Martin who is wise about all this. This can be easily closed 'wontfix', I hope with no hard feelings. CC:
lewyssmith =>
mageia Created attachment 11547 [details]
installer
I was thinking like an encryption setup similar to OpenSUSE (top) or Ubuntu (bottom)...
But ok... Status:
NEW =>
RESOLVED This is a valid feature enhancement, but it still needs someone doing the coding.... CC:
(none) =>
tmb note that we now have systemd 245 which has the new *-homed that is another approach to this encryption... |