disk encryption for Ubuntu 20 LTS
Paul Smith
paul at mad-scientist.net
Fri May 21 20:16:10 UTC 2021
On Sat, 2021-05-22 at 05:12 +1000, Karl Auer wrote:
> On Fri, 2021-05-21 at 13:01 -0400, Paul Smith wrote:
>
> > When I got my work laptop I installed Ubuntu 18.04 and checked
> > "full disk encryption". It worked perfectly and I've been using it
> > for 3 years and have not had any problems.
>
> I'm curious as to how many users of full disk encryption have checked
> that the disk is in fact encrypted? I guess by booting another OS and
> trying to read the disk.
I haven't done it lately but back in the day we did verify it.
> > During that time I've upgraded (in-place upgrade, not re-install)
> > to Ubuntu 20.04, installed multiple firmware updates, etc.
>
> How do you manage keys across those processes? Do you even need to?
No. There's not a user-manageable key. It's all handled internally,
by your boot loader (grub or whatever); you have to type in your
passphrase when the system boots (there's a password entry box that
happens more-or-less on your boot screen).
You can also have multiple passphrases (I think up to 8), which is
really great for a work system so that both you and IT can have your
own passphrase and not share. I think the setup of the extra
passphrases is not completely integrated in Ubuntu unfortunately (last
I looked) so you need some CLI commands to add extras, but it's no big
deal.
More information about the ubuntu-users
mailing list