pop-os / pop

A project for managing all Pop!_OS sources
https://system76.com/pop

Doc request: explain why encrypted drive contains unencrypted partitions #461

Open KloudKoder opened 5 years ago

KloudKoder commented 5 years ago

Distribution (run cat /etc/os-release):

All

Related Application and/or Package Version (run apt policy $PACKAGE NAME):

(This is probably a brief security whitepaper on why your disk encryption is trustworthy. Or even just additional info provided during the install via an "about disk encryption" link.)

Issue/Bug Description:

If you boot from an external USB, and run the Disks utility, you can look at the boot drive with Pop OS installed on it. The installation used full disk encryption, so in fact a LUKS encrypted partition is visible. However, there are also 2 FAT partitions and a Swap partition, which are not LUKS. Now, I get it: just because the partition type is FAT or Swap doesn't mean that data resides there which is both unencrypted and user-generated.

Even a statement explaining this arrangement somewhere in the install process would relieve a lot of concerns. As it stands, the user has no idea as to the following:

  1. What data gets leaked, if any, into the FAT partitions? Is it just info about the OS version (pretty trivial), or other stuff along the lines of statistical summarizations of private data?

  2. Is data evicted to Swap encrypted? Obviously not all of it is, because it's an unencrypted partition type. So what metadata is leaked? Shedding any light at all on this matter would be welcome.

  3. Common sense: have you actually caused swap activity to occur and looked at the data evicted to Swap, vs. memory contents? Likewise for auditing before-vs-after changes to the FATs across a boot.

Steps to reproduce (if you know):

N/A

Expected behavior:

N/A

Other Notes:

Apple's unencrypted image thumbnail vulnerability comes to mind, which I think they fixed, but it's a case in point. This is an example of metadata (effectively, a rich statistical summary of encrypted images, in that case) leaking its way onto unencrypted regions of the drive.
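One way to audit the layout the issue describes, as an added example that is not code from the Pop!_OS project: it parses `lsblk -J` JSON and lists every FAT filesystem and swap area that has no dm-crypt device above it in the block tree. The embedded sample and its device names are constructed to mirror the described layout.

```python
"""Audit an lsblk JSON tree: which swap / FAT areas sit outside dm-crypt."""
import json
import subprocess

# Constructed sample (hypothetical device names) modelled on the layout in
# the issue: two FAT partitions, a LUKS partition holding LVM root, and a
# plain swap partition that is not inside the LUKS container.
SAMPLE_LSBLK_JSON = """
{"blockdevices": [
  {"name": "nvme0n1", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "nvme0n1p1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "nvme0n1p2", "type": "part", "fstype": "vfat", "mountpoint": "/recovery"},
    {"name": "nvme0n1p3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "cryptdata", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "data-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"}]}]},
    {"name": "nvme0n1p4", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}
  ]}
]}
"""

def walk(node, under_crypt=False):
    """Yield (name, fstype, mountpoint, under_crypt) for every node in the tree."""
    encrypted = under_crypt or node.get("type") == "crypt"
    yield node["name"], node.get("fstype"), node.get("mountpoint"), encrypted
    for child in node.get("children", []):
        yield from walk(child, encrypted)

def plaintext_areas(lsblk_json):
    """Return (name, kind, mountpoint) for swap and FAT areas with no dm-crypt ancestor."""
    tree = json.loads(lsblk_json)
    found = []
    for dev in tree["blockdevices"]:
        for name, fstype, mnt, enc in walk(dev):
            is_swap = fstype == "swap" or mnt == "[SWAP]"
            is_fat = fstype in ("vfat", "fat")
            if (is_swap or is_fat) and not enc:
                found.append((name, "swap" if is_swap else fstype, mnt))
    return found

def audit_live_system():
    """Run lsblk on the current machine (needs util-linux) and audit its tree."""
    out = subprocess.run(["lsblk", "-J", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
                         check=True, capture_output=True, text=True).stdout
    return plaintext_areas(out)

if __name__ == "__main__":
    for name, kind, mnt in plaintext_areas(SAMPLE_LSBLK_JSON):
        print(f"{name}: {kind} at {mnt} is not inside a dm-crypt container")
```

Swap listed here is where evicted page contents land in the clear; the same walk reports nothing when swap is a logical volume inside the LUKS container.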

mmstick commented 5 years ago
KloudKoder commented 5 years ago

Thanks for the details. This stuff matters. Perhaps that should go in your installation docs.

trevor87 commented 2 years ago

I just installed Pop OS and came across this as well and at first was a bit irritated. Just out of curiosity: Why is the swap partition not simply part of the same LVM as the root partition? This layout used to be the case with my previous encrypted Linux installs (e.g. Ubuntu).