+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: PinePhone Software (https://forum.pine64.org/forumdisplay.php?fid=121)
+---- Forum: Mobian on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=139)
+---- Thread: Full disk encryption is coming (/showthread.php?tid=12389)
Pages:
1
2
Full disk encryption is coming - a-wai - 12-02-2020
Hi there,
I know this is a feature a lot of you have been waiting for since the beginnings of Mobian.
I'm therefore extremely pleased to announce that we've started work on it, with an on-device installer allowing you to select a passphrase and install Mobian to an encrypted partition.
This was adapted from pmOS's installer, so they definitely deserve most credit for that
As of today the installer works fine and can be downloaded here.
Only known issue so far is the flickering backlight on BraveHeart devices.
Please note the system will be installed to the device the installer is flashed on: if you flash the installer to an SD card, then Mobian will be installed on the same SD; if you flash it to the internal eMMC, Mobian will be installed on the eMMC. Allowing target device selection is on the TODO list, but it might be some time before we implement it.
Although this has been thoroughly tested on my devices, I'd like to have some more success (or failure) reports, so please give it a shot if you have some time to spare
Enjoy!
RE: Full disk encryption is coming - Zebulon Walton - 12-02-2020
![[Image: mr_burns.gif]](http://2.bp.blogspot.com/_lRyeLb2-97A/TTDCFw-gCpI/AAAAAAAAAd4/no-N6oS2Bsk/s320/mr_burns.gif)
Just tried it, is the installer bootable? I flashed it to an SD card and put that in the phone but it booted up on the eMMc.
RE: Full disk encryption is coming - Zebulon Walton - 12-02-2020
Ack, my screwup copying the image to the SD card.
I have the installer booted up, and it is now installing with disk encryption...
...and about 15 minutes later it's up and running on WiFi and with cellular calling operational.
![[Image: mkovb.jpg]](https://i.imgflip.com/mkovb.jpg)
RE: Full disk encryption is coming - RTP - 12-04-2020
Everything works great on my Pinephone (UT) Community Edition! I finished this video howto/walkthrough for anyone interested/curious:
https://youtu.be/vjSASi7IbIU
RE: Full disk encryption is coming - Zebulon Walton - 12-05-2020
I'm installing now with disk encryption to eMMC, flashed the image to it using Jumpdrive since currently the installer only works with the device it's booted from.
Questions:
After installation is the installer still taking up a significant amount of space? (The image is 8GB.) If so is it possible to reclaim that space?
Also, is it possible to configure Mobian to automatically log into the desktop at boot time rather than having to enter the user password? With password entry for disk encryption, having to log into the desktop as well is kind of redundant.
RE: Full disk encryption is coming - a-wai - 12-05-2020
(12-05-2020, 02:18 PM)Zebulon Walton Wrote: After installation is the installer still taking up a significant amount of space? (The image is 8GB.) If so is it possible to reclaim that space?No need to do anything: the installer partition is automatically removed at the end of installation process, and system partition is resized on first boot to use all available space.
(12-05-2020, 02:18 PM)Zebulon Walton Wrote: Also, is it possible to configure Mobian to automatically log into the desktop at boot time rather than having to enter the user password? With password entry for disk encryption, having to log into the desktop as well is kind of redundant.Not yet, that's something which is discussed upstream as it requires using display manager features, but there's still much to implement to get there (alternatively you can modify the .desktop file to add the `-U` flag as a temporary workaround).
RE: Full disk encryption is coming - Zebulon Walton - 12-05-2020
Thanks for the response, overall it is working great, no worries. If somewhere down the road we can do auto-login that would be great but it's not that big a deal to enter the numerical password to log in. It's really nice to have the OS running encrypted on the internal drive. The factory-installed OS was so unstable I was a little worried that the eMMC might have been bad but it's been fine with Mobian.
I've additionally installed an SD card which is also encrypted and mounted automatically, with the Videos, Pictures, Documents, and Downloads directories placed there using symbolic links.
RE: Full disk encryption is coming - NoahAndrews - 12-06-2020
@a-wai It had been a while since I'd used my UBPorts edition Pinephone, and to get up-to-date I flashed this new FDE installer. It worked fine (yay FDE!), though I'm having an issue that could possibly be described as a "flickering backlight". Is the flickering backlight issue you mentioned in the OP new, or did it exist previously? Also, are you sure it's limited to the Braveheart edition?
RE: Full disk encryption is coming - NoahAndrews - 12-06-2020
(12-06-2020, 06:36 PM)NoahAndrews Wrote: @a-wai It had been a while since I'd used my UBPorts edition Pinephone, and to get up-to-date I flashed this new FDE installer. It worked fine (yay FDE!), though I'm having an issue that could possibly be described as a "flickering backlight". Is the flickering backlight issue you mentioned in the OP new, or did it exist previously? Also, are you sure it's limited to the Braveheart edition?
Well, the backlight issue seems to have resolved itself.
Where does the source code live for the keyboard that you use to enter your password on boot?
RE: Full disk encryption is coming - a-wai - 12-07-2020
I only have BH and pmOS editions to test with, so it may flicker on UBports also (anyway, that's just the installer, it shouldn't affect the installed system)
Password entry is osk-sdl