[Bug 1773457] Re: Full-system encryption needs to be supported out-of-the-box including /boot and should not delete other installed systems

2018-08-21 Thread Jonathan Polom
I meant to add this in my preceding comment.

This is an example implementation of signed kernel and initramfs for
Ubuntu: https://github.com/Phant0mas/ubuntu-secure-boot

Unsure if it works with 18.04, but this method could be implemented
natively.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773457

Title:
  Full-system encryption needs to be supported out-of-the-box including
  /boot and should not delete other installed systems

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1773457] Re: Full-system encryption needs to be supported out-of-the-box including /boot and should not delete other installed systems

2018-08-21 Thread Jonathan Polom
I am with Paddy on this one. This isn't a "nice to have" feature but an
essential feature that any operating system with even a sliver of hope
of enterprise-wide adoption needs to support in the second decade of the
21st century. Windows has the benefit of fully supporting TPM based
encryption and secure boot so each item loaded at boot time has a
cryptographic signature which is verified by the secure boot system.
Modifications will result in an un-bootable system. Mac OS X has
FileVault along with System Integrity Protection which similarly will
make it very difficult to boot poisoned pieces of the operating system
to extract bits of information that should be protected on disk by
encryption. Ubuntu, at this point, does not offer a level of
tamper-resistance similar to this without implementing unsupported
modifications that (like this method) are not for ordinary users who
just want to install something "that works." This is both deeply
disappointing to a security and privacy minded individual like myself
and it WILL prevent adoption of this system in areas where complete
system encryption and built-in tamper resistance are non-negotiable
requirements (defense, financial, legal, healthcare, and more -- most
industries are very security conscious now).

I'm blown away by the animosity shown by some that have commented on
this thread who dismiss this issue as unnecessary because "encryption
isn't supposed to be used to prevent modification of items on disk" or
that "the bug isn't really against the named packages" or to "use the
minimal installer" to do this. A leading operating system (which Ubuntu
should be considered one at this point) in the 21st century needs to
support an easy, out of the box way to ensure private information stays
private.

The proof of concept attack to which the "full disk" encryption method
supported by the Ubiquity installer is vulnerable is fairly
straightforward to implement. It does require physical access to a system but
this requirement is generally met when the device is portable, aka a
laptop. Please see the procedure described here to understand how
initrd/initramfs poisoning works:
https://twopointfouristan.wordpress.com/2011/04/17/pwning-past-whole-disk-encryption/

Considering the relative simplicity of this attack, as well as the
existence of a clear way to remove this vulnerability, I think this
issue needs to be addressed both in terms of updating the full disk
encryption method supported in the installer, along with fixing the
grub2 package so the issue Paddy had to write a script to fix no longer
exists.

I'd also like to offer an alternative method which could/should be
examined for more official support, and that is to truly support secure
boot by using signed kernel and initrd images. This would require Ubuntu
to build in a way to sign kernels and initrd files with the Microsoft
key, or to create self-signed keys on each machine and install them into
the EFI. I almost prefer this version because it uses secure boot for
what it is intended to do: ensure the files loaded at boot time have not
been tampered with.

Finally, I'd like to add that Ubiquity also needs to support doing
encryption with a btrfs root, which currently will result in a
non-bootable system if you manage to configure it as such. When using btrfs
as root it would also be nice if it supported an encrypted root without
the use of LVM since btrfs over LVM is kind of redundant.


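A defensive check related to the initrd tampering discussed in the message above, added here as an example (it is not part of the original thread or of any Ubuntu package): it records SHA-256 hashes of the unencrypted boot files and reports later changes. The manifest path and the `BOOT_DIR`/`MANIFEST` variables are assumptions; because the check runs only after the disk has been unlocked, it detects tampering rather than preventing it.

```shell
#!/bin/sh
# Added example: detect changes to the unencrypted boot files (kernel, initrd,
# GRUB config). Assumption: the manifest is kept on the encrypted root, so
# someone with only offline access to /boot cannot rewrite it to match.

# boot_manifest DIR: print "<sha256>  ./<path>" for every regular file in DIR.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# boot_baseline DIR MANIFEST: record the current, trusted state of DIR.
boot_baseline() {
    boot_manifest "$1" > "$2" && chmod 600 "$2"
}

# boot_verify DIR MANIFEST: return 0 if DIR matches the baseline; otherwise
# list every added, removed or modified path on stderr and return 1.
boot_verify() {
    current=$(mktemp) || return 2
    boot_manifest "$1" > "$current"
    # A line present in only one of the two listings marks a changed file;
    # columns 67 onward hold the path (64 hex digits plus two spaces before).
    changed=$(LC_ALL=C sort "$2" "$current" | uniq -u | cut -c67- | LC_ALL=C sort -u)
    rm -f "$current"
    if [ -n "$changed" ]; then
        printf 'boot files differ from baseline:\n%s\n' "$changed" >&2
        return 1
    fi
    return 0
}

# Hypothetical defaults; run as root, "baseline" after each kernel update,
# "verify" at every boot (for example from a systemd unit or cron @reboot).
BOOT_DIR=${BOOT_DIR:-/boot}
MANIFEST=${MANIFEST:-/var/lib/boot-baseline.sha256}
case "${1:-}" in
    baseline) boot_baseline "$BOOT_DIR" "$MANIFEST" ;;
    verify)   boot_verify "$BOOT_DIR" "$MANIFEST" ;;
esac
```
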
[Bug 1751671] Re: zfs in bionic (0.7.5) is missing encryption support

2018-08-21 Thread Jonathan Polom
While this feature hasn't been released in a tagged version, I have
noticed that ZoL is at release 0.7.9 while the version in the Ubuntu
repos for bionic is 0.7.5. What is the update plan for these packages?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1751671

Title:
  zfs in bionic (0.7.5) is missing encryption support

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1751671/+subscriptions


[Bug 784936] Re: Another person with random x crashes on ubuntu 11.04

2011-05-20 Thread Jonathan Polom
I'd like to add that I too am using regular gnome (ubuntu "classic")
rather than unity. Unity doesn't perform well enough on my Thinkpad
x100e to justify its use (bloated software -- I'm not impressed).
Thankfully the old setup is still available. The Thinkpad X100e has a
mobile Radeon card in it but I'm not using the proprietary drivers as
the open source ones (default in Ubuntu for supported cards) provide
better performance.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/784936

Title:
  Another person with random x crashes on ubuntu 11.04



[Bug 784936] Re: Another person with random x crashes on ubuntu 11.04

2011-05-18 Thread Jonathan Polom


[Bug 784936] [NEW] Another person with random x crashes on ubuntu 11.04

2011-05-18 Thread Jonathan Polom
Public bug reported:

Binary package hint: xorg

This first started happening today, 18 May 2011 but no update was done.
Randomly, completely without warning, my desktop session will end,
landing me briefly at a tty, and then back at a gdm login prompt. I'm
able to log back in through gdm and use the system but all previous
applications are closed as it's a new session. The magnitude of this
problem is obvious as any unsaved work in any running programs is
immediately lost when the crash occurs.

Seeing the other posts here, I checked my xorg logs and found similar
backtraces and ubuntu-bug should have attached those logs.

I don't know what else to contribute at this time.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: xorg 1:7.6+4ubuntu3
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
Architecture: amd64
CompizPlugins: No value set for `/apps/compiz-1/general/screen0/options/active_plugins'
CompositorRunning: compiz
DRM.card0.LVDS.1:
 status: connected
 enabled: enabled
 dpms: On
 modes: 1366x768 1366x768 1280x720 1152x768 1024x768 800x600 848x480 720x480 640x480
 edid-base64: 
AP///wAwrtFTAQOAGg546r9FlVhSiiglUFQBAQEBAQEBAQEBAQEBAQEB4h1W3FAAIzA4KHgAAJAQAAAb4BhW3FAAIzA4KHgAAJAQAAAbDwCMCTyMCTIUCQAw5HYC/gBMUDExNldIMS1UTEIxAM8=
DRM.card0.VGA.1:
 status: disconnected
 enabled: disabled
 dpms: On
 modes: 
 edid-base64:
Date: Wed May 18 21:13:50 2011
DistUpgraded: Fresh install
DistroCodename: natty
DistroVariant: ubuntu
GraphicsCard:
 ATI Technologies Inc RS780M/RS780MN [Radeon HD 3200 Graphics] [1002:9612] (prog-if 00 [VGA controller])
   Subsystem: Lenovo Device [17aa:21b2]
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
MachineType: LENOVO 3508CTO
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-2.6.38-8-generic root=UUID=f83ff22b-deae-4b87-9be8-21a3f0c5e69e ro rootflags=subvol=@ quiet splash vt.handoff=7
Renderer: Unknown
SourcePackage: xorg
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 06/02/2010
dmi.bios.vendor: LENOVO
dmi.bios.version: 6XET41WW (1.25 )
dmi.board.name: 3508CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6XET41WW(1.25):bd06/02/2010:svnLENOVO:pn3508CTO:pvrThinkPadX100e:rvnLENOVO:rn3508CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 3508CTO
dmi.product.version: ThinkPad X100e
dmi.sys.vendor: LENOVO
version.compiz: compiz 1:0.9.4+bzr20110415-0ubuntu2
version.ia32-libs: ia32-libs 20090808ubuntu13
version.libdrm2: libdrm2 2.4.23-1ubuntu6
version.libgl1-mesa-dri: libgl1-mesa-dri 7.10.2-0ubuntu2
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 7.10.2-0ubuntu2
version.xserver-xorg: xserver-xorg 1:7.6+4ubuntu3
version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:6.14.0-0ubuntu4
version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.14.0-4ubuntu7
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 1:0.0.16+git20110107+b795ca6e-0ubuntu7

** Affects: xorg (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: amd64 apport-bug compiz-0.9 natty ubuntu



[Bug 784936] Re: Another person with random x crashes on ubuntu 11.04

2011-05-18 Thread Jonathan Polom
Ubuntu-bug likely grabbed the running xorg log, not the one containing
the actual information about the crash. It's attached here.

** Attachment added: "previous x session log"
   https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/784936/+attachment/2134405/+files/Xorg.0.log.old
