
UbuntuHelp:EncryptedFilesystems

From Ubuntu中文

Revision by Wikibot (talk | contribs) as of 17:08, 30 November 2007 (Friday)


I will draft a spec once there have been some comments. Feel free to make edits and suchlike. Don't know if this note is necessary.

Summary

As the Debian text-mode installer already does, allow both the textual and graphical Ubuntu installers to encrypt entire disks or individual filesystems with dm-crypt. This includes encrypted root, home, and swap partitions.

Rationale

Ubuntu needs to retain an image of robust security amongst GNU/Linux distributions. With Vista's new BitLocker Drive Encryption feature, we ought to remain one step ahead of the competition and have the functionality for encrypting filesystems or the entire disk, without having to rely upon a TPM chip. Using a smart card or USB flash drive to store the key is a possible extra plus to be assessed later. This is also highly supported by the Ubuntuforums community. My thread here: http://www.ubuntuforums.org/showthread.php?t=215389

Use Cases

  • Paul V. is a privacy advocate. Though he has nothing to hide, it's still his nothing, and he has a right to hide it.
  • Ed S. is a hardware engineer for a company that lends all its employees laptops. Management is concerned about the theft of a laptop as an act of economic espionage. To protect their design, proprietary at this point, Joe suggests installing Ubuntu Feisty with encrypted filesystems.
  • Mark J. is a civil libertarian in a country with a government hostile to people of his beliefs, of humanity, equality, and inherent irrevocable freedoms. He could be put to death for some of the things on his laptop, and chooses to AESify the whole thing.
  • John Y., though most people won't get the reference, is an exceptionally paranoid fellow who believes that there is a conspiracy against him, and that thousands of people are trying to kill him. How better to set his mind at rest than encrypting his hard disk?

Scope

Possibly only changes to Ubiquity and debian-installer, and possibly the inclusion of cryptsetup on disk, which is ~700 KB.

Lingering Questions

  • Should smart card/flash drive key storage be supported?
  • Should TPM chips, with their "black box" design, be supported?