From Mageia wiki
Jump to: navigation, search

Warning : Mageia already proposes to encrypt partitions using LUKS on a LVM setup, but the feature concerns a simpler access to encryption.

Summary

During the installation process, nothing is mentioned about encryption possibilities. The Mageia Installer should propose a button to allow / or/and /home installation on encrypted partitions.


Comments:

  • Also /swap ought to be encrypted if system or user content is.
  • As it is normally set up, users are asked for phrase once per encrypted partition. This may be solved by other means, but to not change too much, i propose to create a large encrypted pv for LVM, and in LVM create / /home /swap and not allocate full area. That is how I do it manually on most systems. Any time later user can extend partition (except swap) while running, (it have never failed for me, using diskdrake) or use the extra space for snapshots if he is advanced.
  • We must not forget ESP. Is separate unencrypted /boot is still needed?
  • One example of realisation is to in the partitioning stage add a check mark for encryption, and field for the key. When user proceeds diskdrake creates that encrypted pv, add it to vg_mga, and lands user in the normal next stage, but with vg_mga selected. The auto allocation button then allocate / /home /swap with some sane sizes, and some free space.

/Morgano 2022-01-31

Owner

  • Name: Asked by Lebarhon for Dupo (MLO)
  • Email: Lebarhon@free.fr

Resources

  • Packagers to compile tools and apply patches if needed
  • QA to test if encrypting tools are correctly supported (i586 and x86_64)
  • Documentation Team to add a chapter concerning encryption in drakx-help

Current status

  • Targeted release: Mageia 5
  • Last updated: 2025/05/31
  • Percentage of completion: <XX>%

Detailed Description

The encryption tool could propose some options:

  • Encryption of the whole disk
  • Encryption of the Mageia partitions
  • Encryption of the /home only

In order to add this new feature, we should use to differents ways, i think:

  • The fisrt one uses eCryptfs, which is currently developped for Ubuntu and allow users to encrypt only their home directory /home
  • We should use LUKS (cryptsetup) in order to encrypt partitions and the whole HDD

Why it would be good for Mageia to include it

  • Encryption is more and more used.
  • The installer is often the first contact with Mageia, it must propose many possibilities.
  • Mageia must be able to manage the modern technologies
  • Mageia must not fall behind the other Linux distros (Mageia is one of the last popular distro who didn't propose Encryption)
  • Mageia will then be used in any setup (in compagnies' servers for example) who need to protect their data.

Test case

  • Check if encrypting does work on : entire HDD, only one partition, and the /home directory

All versions of Mageia have supported encrypted filesystems. The only thing to keep in mind, is that if / is encrypted, a non-encrypted /boot must also be created, so the boot loader can read the kernel and initrd.

With every release of Mageia so far, qa testing has included using encrypted file systems on regular partitions, as well as in lvm logical volumes.

Software / Packages Dependencies

List of packages to be implied

What could disrupt development of this new feature

  • If packagers and QA are not as much as required to test the feature.
  • Problems during encryptions
  • Abnormal behavior from the software used.

Planning

  • If accepted, this feature should be included, at least in Mageia 5 Beta 1 (2014/09/30) in order to be as much tested as possible

Contingency

Release Notes

  • Encryption is now supported by default in Mageia 5, you can now safely protect your datas using LUKS or/and enCryptfs

Documentation

  • Documentation Team will have to update documentation to include this new feature
Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Feature:Encryption&oldid=53652"