
Feature request: make installer "force" users to encrypt their OS drive

Open spotlesscoder opened this issue 3 years ago • 4 comments

Problem

In the step after selecting the disk elementary should be installed on, there are two buttons at the bottom: "Choose password" and "Don't encrypt".

The "Don't encrypt" button is in the bottom right corner. In most install wizards I know, the button in the bottom right corner is always the "proceed" action.

As I was in a hurry this evening fixing my broken system with a fresh install, I quickly proceeded through the install wizard's steps and accidentally proceeded with the "Don't encrypt" option, which immediately started the actual elementary OS installation.

So I had to reboot the laptop and start all over with the installation procedure. Also, the point in time where I triggered the reboot seems to have been very unlucky. When I went through the installer the second time, this time providing a disk encryption password, I encountered the following error message after some seconds.

I can't reproduce the issue in the third install but the error message in the second try said something like "same lvm group on disk already existing" or so.

At least on mobile devices like laptops etc., my opinion is that the OS drive (better: all storage media) should be encrypted as theft is a very common risk to those devices.

Proposal

Prevent starting the install too early without an OS drive password by:

a) Switching both buttons' positions
b) Additionally: when the user chooses the "Don't encrypt" button, display a confirmation dialog that explains why disk encryption is important and lets the user cancel his choice and provide a disk encryption password.

Prior Art (Optional)

No response

spotlesscoder avatar Oct 04 '22 18:10 spotlesscoder

In earlier revisions we had “Encrypt” as the default option, but there are some known drawbacks at the moment that make it less than ideal for everyone. In a future where the pros outweigh the cons, I think we will switch it back to encrypt by default.

danirabbit avatar Oct 04 '22 18:10 danirabbit

Hmm... could you please go into a bit more detail about the problems experienced with encryption?

spotlesscoder avatar Oct 04 '22 19:10 spotlesscoder

  • If you use a bluetooth keyboard as your only keyboard, it won't connect during the decryption screen and you have to plug in a USB keyboard to decrypt your drive
  • There are issues with multiple keyboard layouts and which one is available/selected at the point where you enter/set your password, possibly leaving you locked out.
  • If your GPU/system isn't capable of displaying the bootsplash for whatever reason (usually older nvidia GPUs), you don't see the decryption screen and have to just know to type your password into a blank screen or otherwise think it's broken. Without encryption, these PCs would probably boot to the login screen fine.

davidmhewitt avatar Oct 04 '22 22:10 davidmhewitt

Maybe whitelisting certain device models might work. It should be possible to read device vendor and model somehow via existing APIs (I hope so at least).

The community could test common devices and contribute to such a list. What I can say is that the following devices had no issues for me:

  • Thinkpad L460
  • Thinkpad A275
  • Dell XPS 13 2 in 1 2020 Model (Full HD Display version)

spotlesscoder avatar Oct 05 '22 17:10 spotlesscoder
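The vendor/model lookup the comment above asks about does exist on Linux: the kernel exposes the firmware's SMBIOS/DMI strings under /sys/class/dmi/id (sys_vendor, product_name and product_version are world-readable; product_serial and product_uuid need root). The following is an added example, not code from the elementary installer or from anyone in this thread. The allowlist entries and the DMI strings used in the demo are constructed for illustration and have not been verified against real machines; an installer would have to collect the real strings from tested devices.

```python
"""Decide whether an installer should default to "encrypt" on this machine.

Added example, not elementary's installer code. It reads the SMBIOS/DMI
strings the Linux kernel exposes under /sys/class/dmi/id and compares
them with a hypothetical allowlist of models reported to decrypt cleanly.
"""
import os
import tempfile

# Hypothetical allowlist: (sys_vendor, substring of product_name or
# product_version). Values are constructed for illustration, not verified.
KNOWN_GOOD = (
    ("LENOVO", "ThinkPad L460"),
    ("LENOVO", "ThinkPad A275"),
    ("Dell Inc.", "XPS 13 9310 2-in-1"),
)

DMI_FIELDS = ("sys_vendor", "product_name", "product_version")


def read_dmi(base="/sys/class/dmi/id"):
    """Return the DMI fields as a dict; a missing or unreadable file yields ""."""
    info = {}
    for field in DMI_FIELDS:
        try:
            with open(os.path.join(base, field), encoding="utf-8", errors="replace") as fh:
                info[field] = fh.read().strip()
        except OSError:  # field absent (old firmware, VM, non-x86) or not readable
            info[field] = ""
    return info


def _norm(text):
    """Collapse whitespace and case so firmware padding does not break matching."""
    return " ".join(text.split()).casefold()


def is_known_good(info, allowlist=KNOWN_GOOD):
    """True when the vendor matches exactly and the model substring appears
    in product_name or product_version (Lenovo puts the marketing name in
    product_version, Dell in product_name)."""
    vendor = _norm(info.get("sys_vendor", ""))
    haystack = _norm(info.get("product_name", "") + " " + info.get("product_version", ""))
    for allowed_vendor, model in allowlist:
        if vendor == _norm(allowed_vendor) and _norm(model) in haystack:
            return True
    return False


def encryption_default(info, allowlist=KNOWN_GOOD):
    """'encrypt' for an allowlisted model, otherwise 'ask' (today's behaviour)."""
    return "encrypt" if is_known_good(info, allowlist) else "ask"


def write_fake_dmi(base, **fields):
    """Build a constructed sysfs-like directory so the logic runs without hardware."""
    os.makedirs(base, exist_ok=True)
    for name, value in fields.items():
        with open(os.path.join(base, name), "w", encoding="utf-8") as fh:
            fh.write(value + "\n")


def demo():
    """Run the decision on two constructed machines; returns their decisions."""
    with tempfile.TemporaryDirectory() as tmp:
        lenovo = os.path.join(tmp, "lenovo")
        # Constructed strings in the shape Lenovo firmware uses (not real values).
        write_fake_dmi(lenovo, sys_vendor="LENOVO", product_name="20FUS0Y200",
                       product_version="ThinkPad L460")
        unknown = os.path.join(tmp, "unknown")
        write_fake_dmi(unknown, sys_vendor="Generic", product_name="Whitebox")
        return encryption_default(read_dmi(lenovo)), encryption_default(read_dmi(unknown))


if __name__ == "__main__":
    print("this machine:", encryption_default(read_dmi()))
    print("constructed demo:", demo())
```

Two caveats a practitioner would attach to this approach. DMI strings are supplied by the firmware and are trivially set to anything inside a VM, so the allowlist is a usability heuristic for picking a default, not a security control; the default should still be overridable. More importantly, the three drawbacks listed earlier in the thread (Bluetooth-only keyboard, keyboard layout at the unlock prompt, GPUs that cannot show the boot splash) depend on peripherals and configuration rather than on the chassis model, so a model allowlist cannot rule them out on its own.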

I'm going to go ahead and close this as "Design conflict", since we have to balance encouraging people to encrypt with the reality that it could make their device unusable if they aren't making an informed choice.

danirabbit avatar Nov 28 '22 18:11 danirabbit