I have decided to give Ubuntu 17.04 LTS Desktop a go. On a whim I installed it on a laptop I had lying about (being an IT person they tend to proliferate over a given period of time in my office… older units becoming doorstops, newer units lovely “Jenga” blocks and maybe the occasional Proxmox cluster…) Since this seems to be the final days of Unity (which I actually don’t mind as a Desktop all that much), I figured now was a good time to take another poke at it as a daily personal driver. I was happy to come across an option for full disk encryption during the install process and wanted to pass my few thoughts on it along.
As a side note, I didn’t realize so much digital ink had been spent on arguing about the Unity desktop environment… the world has endured a war in Iraq (pretty much still is…) and now we are looking at a potential nuclear war with North Korea… seems like there are larger issues to lose sleep over… anyhow…
I am actually typing on my Ubuntu laptop now. As was typical of my experience with any and every install of Ubuntu (or any other Linux distro for that matter), I ended up on the command line fixing a few things within about 30 seconds of first logging in. But I really am not here to discuss that…
What I am here to discuss is… when exactly did Canonical decide to start offering “easy-to-use” full disk encryption out of the box!?
I have a mixed background with Microsoft and many flavors of Linux (both desktop and server) and I have had more than my fair share of experience (good and bad) with Bitlocker. While Bitlocker certainly has its faults (and possible back doors… scream a little…) overall Redmond should be credited with bringing a relatively complex technology (full disk encryption) to the often less-than complex masses (and when it comes to a topic like encryption, I count myself among those masses). In short, while Bitlocker can be frustrating at times, I do actually like it.
So, to my delighted surprise, during my install of Ubuntu 17.04 I was asked if I wanted to use full disk encryption a la’ LUKS. I said yes…
– Pre-Boot password lock? – Yes!
– Encrypt secondary drives? – Yes!
– Auto-unlock that encrypted secondary drive at boot? – Certainly!
Side Note: All of the above being true, I did have to do a few CLI back-flips to delete an encrypted partition when I accidentally screwed up carving up my second HDD.
Now – when something is this easy, one must ask oneself… what’s wrong with it? Did the FBI, NSA, Flat Earth Society, and possibly the Illuminati pay boatloads of money (laundered through third-world drug cartels and possibly Charmin…) to Canonical to build back doors into this? God knows I don’t want Flat Earther’s getting a hold of my laptop, breaking (bypassing) the encryption, and finding out that I in-fact did find (and use) a Linux version of Microsoft Clippy. Okay, not really, or at least, I would never admit to something so heinous as a desecration of Linux via Clippy in a blog post.
After writing that line I decided to Google this… and to my surprised delight: https://www.youtube.com/watch?v=aKp0Tg2DphM – You are welcome
Anyhow, I did a bit of looking (i.e. a single google search resulting in a forum discussion) which validated my presupposition that LUKS is indeed secure and trusted by none other than the NSA. Now I am here to authoritatively tell you it is indeed secure.
Enough with the tongue-n-cheek… or just the cheek… the long and short of it is that I am glad that Ubuntu has made full-disk-encryption as easy to use on Linux as Bitlocker is to use on Windows. I figure at best it makes my laptop a digital Fort Knox and at worst it may protect my data from the petty criminal that is likely to nab it at the coffee shop…. True story, that is how I lost my Xiaomi MI3…