mmstick
commented
5 years ago - The EFI partition must be unencrypted for the EFI firmware to find and boot from it.
- The same applies to the recovery partition, which contains a copy of the contents of the ISO, and some details so that the recovery mode can find the LUKS device, and knows the UUID of the root partition inside that device.
- The Linux kernel and initramfs are included in the EFI partition, along with the systemd-boot loader,
- The Linux kernel / initramfs must be actively running in order to call the cryptsetup utility to decrypt the LUKS device, which contains the root partition.
- The swap partition is a dummy partition that exists solely for identification by the decrypted system to create a new encrypted swap partition embedded at an offset within that partition.
KloudKoder
trevor87
Distribution (run
cat /etc/os-release):All
Related Application and/or Package Version (run
apt policy $PACKAGE NAME):(This is probably a brief security whitepaper on why your disk encryption is trustworthy. Or even just additional info provided during the install via a "about disk encryption" link.)
Issue/Bug Description:
If you boot from an external USB, and run the Disks utility, you can look at the boot drive with Pop OS installed on it. The installation used full disk encryption, so in fact a LUKS encrypted partition is visible. However, there are also 2 FAT partitions and a Swap partition, which are not LUKS. Now, I get it: just because the partition type is FAT or Swap doesn't mean that data resides there which is both unencrypted and user-generated.
Even a statement explaining this arrangement somewhere in the install process would relieve a lot of concerns. As it stands, the user has no idea as to the following:
What data gets leaked, if any, into the FAT partitions? It is just info about the OS version (pretty trivial) or other stuff along the lines of statistical summarizations of private data.
Is data evicted to Swap encrypted? Obviously not all of it is, because it's an unencrypted partition type. So what metadata is leaked? Shedding any light at all on this matter would be welcome.
Common sense: have you actually caused swap activity to occur and looked at the data evicted to Swap, vs. memory contents? Likewise for auditing before-vs-after changes to the FATs across a boot.
Steps to reproduce (if you know):
N/A
Expected behavior:
N/A
Other Notes:
Apple's unencypted image thumbnail vulnerability comes to mind, which I think they fixed, but it's a case in point. This is an example of metadata (effectively, a rich statistical summary of encrypted images, in that case) leaking its way onto unencrypted regions of the drive.