Public bug reported: Currently, the Ubuntu installer offers Full Disk Encryption (FDE) via LUKS, which is a strong solution but uses a single key to encrypt the entire partition. This can be complex to manage for advanced users and does not provide seamless, individual encryption for each user on a shared installation.
I propose adding an fscrypt file encryption option to the Ubuntu installer. fscrypt is a modern solution integrated directly into the Linux kernel that allows for the encryption of each individual file with its own unique key. This granular encryption model offers superior security benefits, aligning with mobile industry standards: Enhanced Security and Resilience: If a single encryption key is compromised, it only affects that specific file, leaving all others secure. This level of protection is similar to what is found on modern mobile operating systems like Android and Apple (with APFS), which also encrypt files one by one. Transparent User Experience: Using the PAM module, the user's home directory is automatically decrypted upon login without requiring an additional password. Flexibility: Encryption can be enabled only for home directories, improving the performance and accessibility of the rest of the system. The goal is to provide a simple and transparent user experience where personal data encryption is either enabled by default or clearly offered as an option during installation, making Ubuntu as secure and modern as the most advanced mobile platforms. GITHUB: https://github.com/google/fscrypt KERNEL LINUX: https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html ANDROID: https://source.android.com/docs/security/features/encryption APPLE: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: fscrypt 0.3.3-1 ProcVersionSignature: Ubuntu 6.14.0-29.29~24.04.1-generic 6.14.8 Uname: Linux 6.14.0-29-generic x86_64 ApportVersion: 2.28.1-0ubuntu3.8 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Fri Sep 12 14:38:31 2025 InstallationDate: Installed on 2025-09-12 (0 days ago) InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1) ProcEnviron: LANG=fr_FR.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: fscrypt UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: fscrypt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug noble wayland-session -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2122671 Title: Feature Request: Add fscrypt encryption option to Ubuntu installer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/2122671/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
