search

elementary / triage

Catch-all repo for issues that don't have a better home
https://elementary.io
4 stars 2 forks source link

Encrypt on suspend #452

Open 4jNsY6fCVqZv opened 4 years ago

4jNsY6fCVqZv commented 4 years ago

Prerequisites

Feature

Is your feature request related to a problem? Please describe. "hard disk encryption only protects user's data when their machine is shut down"

Describe the solution you'd like "When you close the lid of your notebook, it goes into sleep/suspend mode. All processes are frozen and don't need to access your hard disk anymore. We use this opportunity to clean the keys of your encrypted devices and suspend them as well. Therefore, the data on your hard drive is protected. When resuming your computer, you must re-enter the password of your encrypted volumes. But then you're just where you've been working before."

I'm not sure if the Switchboard Power Plug is the right place for this feature request. It's also possible to combine it with a new Encryption Pane. I'm just thinking of a simple on/off switch in the Power Plug settings. Of course it should also be possible to unlock with a Nitrokey if the "Close lid to encrypt" option is activated.

Existing work please take a look a https://fosdem.org/2020/schedule/event/dip_close_lid_encrypt/ The above quotations for problem description and problem solution also come from this source.

cassidyjames commented 4 years ago

I think this is lower-level than we can realistically work on ourselves. If this comes to Debian (and Ubuntu specifically), then it would be much more likely that we could enable it.

4jNsY6fCVqZv commented 4 years ago

Thanks for your feedback!

I share your thoughts about an implementation.

Since the project is funded by the Prototype Fund, it looks good that it can be realized. For now the project page https://prototypefund.de/project/close-lid-to-encrypt/ is unfortunately in German, but the linked presentation at FOSDEM 2020 will probably be in English.

Therefore, I translate and quote the corresponding sections of the website: "The developed solution is to be integrated into Debian and made configurable via the Gnome system settings. [...] Since the solution is implemented in Debian, it will reach all users of Debian derivatives (such as Ubuntu, Tails, Linux Mint) in the medium term, as soon as they upgrade to a current version of their operating system."

Here is a link to their GitLab project repository: https://salsa.debian.org/mejo/cryptsetup-suspend

4jNsY6fCVqZv commented 2 years ago

To keep this issue up to date: cryptsetup-suspend has arrived in Jammy. https://packages.ubuntu.com/jammy/cryptsetup-suspend

According to the developer, the package is definitely ready to be deployed on systems. He recommends sending feedback in form of bug reports directly to the maintainers of the Ubuntu packages.

The package is not active by default. With the manual installation of the package, the function is automatically enabled.