[Bug 1602155] Re: For more security: Overwrite empty disk space option is ignored
SamInside
1602155 at bugs.launchpad.net
Thu Dec 31 15:44:05 UTC 2020
Bug not yet solved in Focal 20.04.01
6 years old SECURITY bug.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1602155
Title:
For more security: Overwrite empty disk space option is ignored
Status in ubiquity package in Ubuntu:
Triaged
Bug description:
Hi,
as far as I understand, the "Encrypt the new Ubuntu installation for
security" option in the Ubuntu installer is meant to provide full disk
encryption.
However, when using that option, it seems as if the encryption
finishes instantly; it literally does not seem to take any time at
all.
When using BitLocker on Windows to encrypt the entire disk, it can
take hours to fully encrypt the disk, even on SSDs. With BitLocker and
other encryption tools like DiskCryptor or TrueCrypt for example,
there's also a progress indicator, which shows how much of the disk is
encrypted already.
Why is that not the case with the "Encrypt the new Ubuntu installation
for security" option in the Ubuntu installer?
Even on my 1 TB SSD the encryption seems to be set up instantly and
there's no progress indicator whatsoever.
How's that possible?
Someone on the forum said:
> http://ubuntuforums.org/showthread.php?t=2330425&p=13516293#post13516293
>
> Data doesn't become encrypted until written
But if that were true, then the "Encrypt the new Ubuntu
installation for security" option in the installer is not full disk
encryption at all.
If he is correct, then it does not encrypt the entire disk. It
only encrypts used disk space. The empty space is not encrypted.
At least with BitLocker you have the option to choose between
encrypting used disk space only or encrypting the entire disk, see
following screenshot for example:
https://i-technet.sec.s-msft.com/en-us/windows/jj983729.bitlocker-screen(en-us,MSDN.10).jpg
On the forum it was also mentioned that:
> http://ubuntuforums.org/showthread.php?t=2330425&p=13516293#post13516293
>
> If you want to randomly initialize the storage areas PRIOR to writing anything,
> that will take some. I seem to recall it being an optional checkbox for the installation.
And, indeed, there is a "For more security: Overwrite empty disk space
(The installation might take much longer.)" option on the next screen
after the screen which has the "Encrypt the new Ubuntu installation
for security" option.
Now, the question is: If that option is checked, does it just
overwrite the empty disk space? Or does it also encrypt it?
I was assuming that it only overwrites it with zeros before encrypting
it. I was assuming that the entire disk would be encrypted anyway
using the "Encrypt the new Ubuntu installation for security" option,
regardless of the "For more security: Overwrite empty disk space (The
installation might take much longer.)" option.
Regards
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1602155/+subscriptions
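
An added illustration, not part of the original report and not ubiquity code: assuming the behaviour quoted from the forum (sectors only hold ciphertext once they are written), this sketch scans a constructed in-memory disk image and shows that free space which was never overwritten stays distinguishable from used space. The sector size, image layout and the 7.0 bits/byte threshold are assumptions made for the example.

```python
import hashlib
import math

SECTOR = 512  # bytes per sector (assumed)

def keystream(n: int, seed: bytes) -> bytes:
    """Deterministic random-looking bytes, standing in for ciphertext."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
        i += 1
    return out[:n]

def build_image(total: int, written: int, prefill: bool) -> bytes:
    """Constructed image: the first `written` sectors hold ciphertext; the
    rest is zeros, or random fill if free space was overwritten first."""
    sectors = []
    for i in range(total):
        if i < written:
            sectors.append(keystream(SECTOR, b"data%d" % i))
        elif prefill:
            sectors.append(keystream(SECTOR, b"fill%d" % i))
        else:
            sectors.append(bytes(SECTOR))
    return b"".join(sectors)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n)
                for c in (data.count(v) for v in set(data)))

def classify_sector(sector: bytes) -> str:
    if len(set(sector)) == 1:
        return "constant"      # e.g. all zeros: never written
    # 512 random bytes measure about 7.6 bits/byte; text is far lower
    return "random-like" if entropy(sector) > 7.0 else "structured"

def scan(image: bytes) -> dict:
    counts = {"constant": 0, "structured": 0, "random-like": 0}
    for off in range(0, len(image), SECTOR):
        counts[classify_sector(image[off:off + SECTOR])] += 1
    return counts

if __name__ == "__main__":
    print("no overwrite:", scan(build_image(8, 3, prefill=False)))
    print("overwritten: ", scan(build_image(8, 3, prefill=True)))
```

Without the overwrite, the count of random-like sectors reveals how much of the volume is in use; with it, every sector looks the same.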