Ubuntu
ubiquity package

Ubiquity encrypted home doesn't setup encrypted swap

Bug #673028 reported by Marc Deslauriers on 2010-11-09

278

This bug affects 4 people

	Status	Importance	Assigned to
ubiquity (Ubuntu)	Invalid	High	Evan
Karmic	Invalid	Undecided	Unassigned
Lucid	Invalid	Undecided	Unassigned
Maverick	Invalid	Undecided	Unassigned
Natty	Invalid	High	Evan
user-setup (Ubuntu)	Fix Released	Critical	Evan
Karmic	Won't Fix	Undecided	Unassigned
Lucid	Won't Fix	Undecided	Unassigned
Maverick	Won't Fix	Undecided	Unassigned
Natty	Fix Released	Critical	Evan

Bug Description

Binary package hint: ubiquity

When encrypted home functionality was introduced in Ubiquity in the jaunty cycle, it was decided to wait until encrypted swap was also available before enabling it as encrypted home without encrypting the swap space is not secure. From the 1.11.10 changelog:

* Disable the encrypted home option. This cannot be considered secure
without encrypted swap. The option can still be enabled by preseeding
it.

During the karmic cycle, encrypted swap was added to the installer, and was enabled in the beta builds. Web pages were created that explained the lack of hibernation support when encrypted swap was used:

http://blog.dustinkirkland.com/2009/06/migrating-to-encrypted-home-directory.html
https://help.ubuntu.com/community/EncryptedHome

Somewhere before Karmic was released, Ubiquity stopped setting up encrypted swap. As a result, Karmic, Lucid and Maverick have all shipped with the encrypted home option enabled, but with clear text swap space.

This needs to be addressed as encrypted home alone isn't considered safe.

Tags:

Related branches

lp:~ubuntu-core-dev/user-setup/ubuntu

lp:ubuntu/natty/user-setup

Marc Deslauriers (mdeslaur) on 2010-11-09

visibility:

private → public

Kees Cook (kees) on 2010-11-09

Changed in ubiquity (Ubuntu):
importance:	Undecided → High

Kees Cook (kees) on 2010-11-09

Changed in ubiquity (Ubuntu Natty):
milestone:	none → natty-alpha-2
status:	New → Confirmed
Changed in ubiquity (Ubuntu Maverick):
status:	New → Confirmed
Changed in ubiquity (Ubuntu Lucid):
status:	New → Confirmed
Changed in ubiquity (Ubuntu Karmic):
status:	New → Confirmed

Kate Stewart (kate.stewart) on 2010-11-17

Changed in ubiquity (Ubuntu Natty):
assignee:	nobody → Canonical Foundations Team (canonical-foundations)

Colin Watson (cjwatson) on 2010-12-10

Changed in ubiquity (Ubuntu Natty):
assignee:	Canonical Foundations Team (canonical-foundations) → Evan Dandrea (ev)

Revision history for this message

Evan (ev) wrote on 2010-12-10:

syslog Edit (146.3 KiB, text/plain)

So it looks like blkid is saying the swap partition is not when ecryptfs-setup-swap calls it. I'm going to investigate further.

Evan (ev) on 2010-12-10

Changed in user-setup (Ubuntu Natty):
assignee:	nobody → Evan Dandrea (ev)
importance:	Undecided → Critical
status:	New → In Progress

Revision history for this message

Evan (ev) wrote on 2010-12-10:

proposed fix Edit (1.4 KiB, text/plain)

Brian Murray (brian-murray) on 2010-12-11

tags:

added: patch

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-12-17:

This bug was fixed in the package user-setup - 1.28ubuntu12

---------------
user-setup (1.28ubuntu12) natty; urgency=low

* Mount /sys in the chroot for swap encryption, so that devtmpfs can
create block devices (LP: #673028).
-- Evan Dandrea <email address hidden> Fri, 17 Dec 2010 14:52:01 +0000

Changed in user-setup (Ubuntu Natty):
status:	In Progress → Fix Released

Revision history for this message

Colin Watson (cjwatson) wrote on 2010-12-17:

ubiquity (2.5.6) natty; urgency=low

  [ Colin Watson ]
  * Recommend btrfs-tools (LP: #674805).
  * Sync network configuration with netcfg: drop ip6-allhosts (see Debian
    #533384); strip trailing dots from the hostname and leading and trailing
    dots from the domain.
  * Automatic update of included source packages: grub-installer
    1.57ubuntu2, netcfg 1.57ubuntu3, partman-auto 93ubuntu3, partman-target
    71ubuntu1, user-setup 1.28ubuntu12.

  [ Mario Limonciello ]
  * If available, copy GRUB translations in oem-config user mode.
    (LP: #686789)

  [ Evan Dandrea ]
  * Add debconf template for password confirmation (LP: #654491).
  * Translate the 'passwords do not match' string (LP: #686737).

-- Colin Watson <email address hidden> Fri, 17 Dec 2010 15:02:18 +0000

Changed in ubiquity (Ubuntu Natty):
status:	Confirmed → Fix Released

Brian Murray (brian-murray) on 2011-01-03

Changed in user-setup (Ubuntu Karmic):
status:	New → Confirmed
Changed in user-setup (Ubuntu Lucid):
status:	New → Confirmed

Brian Murray (brian-murray) on 2011-01-03

Changed in user-setup (Ubuntu Maverick):
status:	New → Confirmed

Revision history for this message

Steve Embling (stevene101293371) wrote on 2011-04-06:

This doesnt appear fixed in 11.04? Option is still there to encrypt and swap is created. should swap not be turned off by default when encryption is turned on?
-10.10 the default low battery operation is to hibernate - only done this once and the key is still in swap after over a month. This has at least improved in 11.04, it now defaults to suspend mode.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2011-04-13:

I just installed natty with today's ISO, and swap is still not being setup as encrypted when the encrypted home directory option is selected during install. Re-opening this bug.

Changed in ubiquity (Ubuntu Natty):
status:	Fix Released → Confirmed
Changed in user-setup (Ubuntu Natty):
status:	Fix Released → Confirmed

Kate Stewart (kate.stewart) on 2011-04-17

Changed in ubiquity (Ubuntu Natty):
milestone:	natty-alpha-2 → none

Revision history for this message

Evan (ev) wrote on 2011-04-18:

This is failing because the following conditional is not returning true, thus leaving /dev unmounted:

if ! grep -qE '^[^ ]+ /dev/' $ROOT/proc/mounts; then

So when blkid is run to determine whether the partition is swap, it returns nothing.

Revision history for this message

Evan (ev) wrote on 2011-04-18:

mounts Edit (1.2 KiB, text/plain)

Interesting. The attached /proc/mounts from inside the chroot lists a devtmpfs mounted on /dev, but if I try to umount it as the next statement:
umount: /dev: not mounted

Also, the grep on the conditional is broken. It will return true for /dev*.

Revision history for this message

Evan (ev) wrote on 2011-04-18:

The stupidity of my previous comment has just hit me :)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-04-18:

#10

This bug was fixed in the package user-setup - 1.28ubuntu15

---------------
user-setup (1.28ubuntu15) natty; urgency=low

* Provide an infinitely better check for /dev being mounted
(LP: #673028). Fixes encrypted swap.
-- Evan Dandrea <email address hidden> Mon, 18 Apr 2011 17:34:15 +0100

Changed in user-setup (Ubuntu Natty):
status:	Confirmed → Fix Released

Evan (ev) on 2011-04-19

Changed in ubiquity (Ubuntu Karmic):
status:	Confirmed → Won't Fix
status:	Won't Fix → Invalid
Changed in ubiquity (Ubuntu Lucid):
status:	Confirmed → Invalid
Changed in ubiquity (Ubuntu Maverick):
status:	Confirmed → Invalid
Changed in ubiquity (Ubuntu Natty):
status:	Confirmed → Invalid
Changed in user-setup (Ubuntu Karmic):
status:	Confirmed → Won't Fix
Changed in user-setup (Ubuntu Maverick):
status:	Confirmed → Won't Fix