Bug 757496 - encrypted /home partition should be decrypted at user login
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 16
Hardware: All
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Anaconda Maintenance Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-11-27 13:37 UTC by Alexander van Loon
Modified: 2011-12-03 12:19 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-28 20:10:19 UTC
Type: ---


Description Alexander van Loon 2011-11-27 13:37:19 UTC
Description of problem:

When I did a fresh installation of F16 I noticed that anaconda offers an option to encrypt not only the system but also specific partitions. Because only my home directory might contain material worth encrypting I decided to order anaconda to encrypt the partition with /home. After proceeding anaconda asked me the following question:

'Choose a passphrase for the encrypted device. You will be prompted for this passphrase during system boot.'

I remember using Kubuntu with an encrypted /home partition. It didn't require me to give a passphrase each time I booted the system; if I'm correct, it would decrypt the /home partition when I logged in with my user.

Why can't Fedora do that too? It seems very tedious to give a passphrase every time you boot the system and then give your password to log in with your user account.

After reading this critical article – http://www.linuxbsdos.com/2011/05/09/home-directory-and-full-disk-encryption-in-ubuntu-11-04/ – on how Ubuntu deals with encryption I understand why Fedora does this, but I still think that merely encrypting the home directory is a good compromise between security and ease of use.

Comment 1 Brian Lane 2011-11-28 20:10:19 UTC
/home is shared between multiple users. Some of whom you may not want to give the passphrase to. Mounting /home is a system task, not something that happens per-user login, so it makes sense to prompt for its passphrase while booting.

Comment 2 Sean Smith 2011-12-02 19:51:48 UTC
I believe that this https://help.ubuntu.com/community/EncryptedHome is the behavior that is being requested. I, too, would like to see this as an option.

Comment 3 Alexander van Loon 2011-12-03 12:19:41 UTC
Yes Sean, that's exactly what I requested initially. But after reading the link I provided in my initial comment I would totally understand if the Fedora developers wouldn't want to implement it, because it's not secure enough.

