Full disk encryption is coming
#1
Hi there,

I know this is a feature a lot of you have been waiting for since the beginnings of Mobian.
I'm therefore extremely pleased to announce that we've started work on it, with an on-device installer allowing you to select a passphrase and install Mobian to an encrypted partition.

This was adapted from pmOS's installer, so they definitely deserve most credit for that Wink
As of today the installer works fine and can be downloaded here.

Only known issue so far is the flickering backlight on BraveHeart devices.

Please note the system will be installed to the device the installer is flashed on: if you flash the installer to an SD card, then Mobian will be installed on the same SD; if you flash it to the internal eMMC, Mobian will be installed on the eMMC. Allowing target device selection is on the TODO list, but it might be some time before we implement it.

Although this has been thoroughly tested on my devices, I'd like to have some more success (or failure) reports, so please give it a shot if you have some time to spare Smile

Enjoy!
  Reply
#2
Photo 
[Image: mr_burns.gif]



Just tried it, is the installer bootable? I flashed it to an SD card and put that in the phone but it booted up on the eMMc.
  Reply
#3
Ack, my screwup copying the image to the SD card.

I have the installer booted up, and it is now installing with disk encryption...

...and about 15 minutes later it's up and running on WiFi and with cellular calling operational.

[Image: mkovb.jpg]
  Reply
#4
Everything works great on my Pinephone (UT) Community Edition! I finished this video howto/walkthrough for anyone interested/curious:
https://youtu.be/vjSASi7IbIU
- RTP

"In the beginner's mind there are many possibilities, in the expert's mind there are few." -Shunryu Suzuki

My Blog: https://politictech.wordpress.com
  Reply
#5
I'm installing now with disk encryption to eMMC, flashed the image to it using Jumpdrive since currently the installer only works with the device it's booted from.

Questions:

After installation is the installer still taking up a significant amount of space? (The image is 8GB.) If so is it possible to reclaim that space?

Also, is it possible to configure Mobian to automatically log into the desktop at boot time rather than having to enter the user password? With password entry for disk encryption, having to log into the desktop as well is kind of redundant.
  Reply
#6
(12-05-2020, 02:18 PM)Zebulon Walton Wrote: After installation is the installer still taking up a significant amount of space? (The image is 8GB.) If so is it possible to reclaim that space?
No need to do anything: the installer partition is automatically removed at the end of installation process, and system partition is resized on first boot to use all available space.

(12-05-2020, 02:18 PM)Zebulon Walton Wrote: Also, is it possible to configure Mobian to automatically log into the desktop at boot time rather than having to enter the user password? With password entry for disk encryption, having to log into the desktop as well is kind of redundant.
Not yet, that's something which is discussed upstream as it requires using display manager features, but there's still much to implement to get there (alternatively you can modify the .desktop file to add the `-U` flag as a temporary workaround).
  Reply
#7
Thanks for the response, overall it is working great, no worries. If somewhere down the road we can do auto-login that would be great but it's not that big a deal to enter the numerical password to log in. It's really nice to have the OS running encrypted on the internal drive. The factory-installed OS was so unstable I was a little worried that the eMMC might have been bad but it's been fine with Mobian.

I've additionally installed an SD card which is also encrypted and mounted automatically, with the Videos, Pictures, Documents, and Downloads directories placed there using symbolic links.
  Reply
#8
Question 
@a-wai It had been a while since I'd used my UBPorts edition Pinephone, and to get up-to-date I flashed this new FDE installer. It worked fine (yay FDE!), though I'm having an issue that could possibly be described as a "flickering backlight". Is the flickering backlight issue you mentioned in the OP new, or did it exist previously? Also, are you sure it's limited to the Braveheart edition?
  Reply
#9
(12-06-2020, 06:36 PM)NoahAndrews Wrote: @a-wai It had been a while since I'd used my UBPorts edition Pinephone, and to get up-to-date I flashed this new FDE installer. It worked fine (yay FDE!), though I'm having an issue that could possibly be described as a "flickering backlight". Is the flickering backlight issue you mentioned in the OP new, or did it exist previously? Also, are you sure it's limited to the Braveheart edition?

Well, the backlight issue seems to have resolved itself.

Where does the source code live for the keyboard that you use to enter your password on boot?
  Reply
#10
I only have BH and pmOS editions to test with, so it may flicker on UBports also (anyway, that's just the installer, it shouldn't affect the installed system)

Password entry is osk-sdl
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  "Low Disk Space on Filesystem root" after installing Axolotl and Podcasts Anna 11 776 03-05-2021, 02:33 AM
Last Post: Anna
  Is there an encryption package missing from mobian? rp3 0 316 01-27-2021, 05:16 AM
Last Post: rp3
  Encryption is great rp3 0 338 01-07-2021, 05:16 AM
Last Post: rp3
  Full Disk Encryption elagost 0 573 11-06-2020, 11:42 AM
Last Post: elagost

Forum Jump:


Users browsing this thread: 1 Guest(s)