Add fscrypt encryption option to Ubuntu installer
Currently, the Ubuntu installer offers Full Disk Encryption (FDE) via LUKS, which is a strong solution but uses a single key to encrypt the entire partition. This can be complex to manage for advanced users and does not provide seamless, individual encryption for each user on a shared installation.
I propose adding an fscrypt file encryption option to the Ubuntu installer. fscrypt is a modern solution integrated directly into the Linux kernel that allows for the encryption of each individual file with its own unique key. This granular encryption model offers superior security benefits, aligning with mobile industry standards:
Enhanced Security and Resilience: If a single encryption key is compromised, it only affects that specific file, leaving all others secure. This level of protection is similar to what is found on modern mobile operating systems like Android and Apple (with APFS), which also encrypt files one by one.
Transparent User Experience: Using the PAM module, the user's home directory is automatically decrypted upon login without requiring an additional password.
Flexibility: Encryption can be enabled only for home directories, improving the performance and accessibility of the rest of the system.
The goal is to provide a simple and transparent user experience where personal data encryption is either enabled by default or clearly offered as an option during installation, making Ubuntu as secure and modern as the most advanced mobile platforms.
GITHUB:
https:/
KERNEL LINUX:
https:/
ANDROID:
https:/
APPLE:
https:/
Blueprint information
- Status:
- Not started
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
