*** This bug is a duplicate of bug 1514120 ***
https://bugs.launchpad.net/bugs/1514120
I would like to support this bug report from the perspective of a security
oriented, pragmatic user, likely the kind of which there are plenty out there.
Ubuntu's great success has been and will be based on how user friendly it is,
and an overwhelming majority of the people who are looking at security just
want their whole system encrypted. Also in dual boot scenarios. Windows for
general purpose, Ubuntu for security relevant tasks such as banking or
sensitive administration. A wide-spread usecase.
Confronting them with exceptions such as an unencrypted /boot partition,
disabling encryption in dual boot scenarios or any other unnecessary
complications will just lower Ubuntu's acceptance in an increasingly
security aware user world.
Academic discussions about whether or not encryption has been designed
for tamper resistance just misses the point. Fact is that it does
increase it. Think of someone who breaches my Windows installation, and
discovers the parallel Ubuntu installation. They either just see one big
chunk of random data, or they see a clear-text /boot partition they can
play with. This is one unnecessary attack vector, no matter how easy or
hard it is to use.
I do not remember a single argument in this whole history against /boot
encryption that mentions a real disadvantage of the functionality. Yes,
there may be alternatives. No, it does not make a system perfectly safe.
But it helps, and not implementing it is like not implementing RAID
because one wants to force users to create backups.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773457
Title:
Full-system encryption needs to be supported out-of-the-box including
/boot and should not delete other installed systems
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs