programmatically checking disk encryption

Eric Demer demer at mailbox.org
Wed May 26 07:01:33 UTC 2021 

> Date: Wed, 26 May 2021 06:31:18 +0000
> From: Sorin Srbu <sorin.srbu at ki.se>
> To: "ubuntu-users at lists.ubuntu.com" <ubuntu-users at lists.ubuntu.com>
> Subject: Re: verifying that disk is encrypted
> Message-ID: <b2fa252b8fa116f5472df4ad1854e51cf85ffc00.camel at ki.se>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> On Tue, 2021-05-25 at 21:59 -0700, Eric Demer via ubuntu-users wrote:
> > I successfully re-installed Ubuntu with the built-in encryption on, and
> > now I need 
> > to do _something like_ letting my employer verify that I do have it
> > encrypted. 
> > I say  "something like"  because, _for built-in encryption_,
> > submitting a screenshot would be enough. 
> > However, I have not found any way of
> > 
> > (a)  taking a screenshot of the  "Please unlock disk"  screen 
> > or 
> > (b)  bringing up anything else showing that the built-in encryption is
> > enabled 
> > 
> > . 
> > 
> > 
> > It makes some sense to me that (a) might intentionally be impossible or
> > hard,
> > but I'm quite surprised that I haven't found a way of doing (b). 
> > 
> > Do you know how to do either of those? 
> > 
> > (I _have_ considered just taking a _photo_ of the  "Please unlock disk" 
> > screen, 
> > and might end up just doing that, but that alternative would require
> > specific approval which it would probably take some time to get.) 
> 
> Taking a photo of the unlock screen is what occured to me first as well.
> However, maybe a short video clip from boot, to entering the password to
> unlock the hd is maybe better and the following startup may be better, as
> pics can be faked.
> 
> Video can be faked too, but at least the clip shows you have it enabled,
> kinda' sign of good faith you know.
> 
> Am curious, do Windows users at your employer's also need to prove Bitlocker
> is enabled?


My employer issues laptops to some employees:
These are encrypted before they are
given to the employee, and just need
a control sticker indicating that.

For laptops purchased by the employee,
my employer's Windows users would need to show
Bitlocker is enabled if that's what they're using. 
(They could use Veracrypt or something else instead,
but non-builtin encryption would require
a longer process with my employer.)



Eric Demer

More information about the ubuntu-users mailing list