Should Fedora enforce drive encryption on new installs?

I do not pretend to be one; I just think that, in the sense of open source, we should let things happen and not try to enforce anything. It is there; if I want to use it, I can. And giving the same rights to others makes sense to me.

It is not really the testing team that does all the testing. They offer us an image that we can test and give feedback on. As long as there is a small crowd of people who do so, such options will be left off as they are.
If you want to convince people to use encryption, you had better write an article for the magazine, highlight some points there that speak for encryption, and explain how things work. It might be that you make more points to convince.

1 Like

I think “How and why to encrypt your Fedora Linux system” would be a fine article. But, this is also a perfectly good place to raise suggestions like this and to try and convince people.

1 Like

I am willing to help here but don’t have any experience with that.

Sure, it can be a good topic, and I can help with that, maybe try to write a blog.
But you know, sometimes we need to take a stand. While full disk encryption has its own benefits, just systemd-homed would be a good way to switch, like what Android used to do, but now they have shifted to individual file-based encryption. But I don’t know whether we have a tool for that.
And asking people to go with encryption is the easy way, maybe like what elementary or Pop does: it needs to be in the installer and have its own submenu, so users have to see that prompt and press no to not use it. It will be just like asking if you want to use a different password for the root account or use the admin one as the root passwd.

I don’t think it is useful, as the people who will read Fedora Magazine are technical people like you and, somewhat, me; we already know this and are using it or not using it because we have our own reasons.
But a basic user who has just decided to shift to Linux will not read any of this.

6 Likes

Yes, this is what I’ve been daily driving for a while (you’re awesome!). My stuff is pretty basic, unfortunately, so I really have nothing to add. I’ll report if anything comes up to the main thread or issue.

Also, after realizing how big of a change this would be, is proper session manager support really needed? :p Jk, but this is a step in the right direction for now at least.

Unfortunately this proposal can lead to non-trivial issues:
After upgrading I cannot unlock and boot from my luks encrypted disk

2 Likes

Hence there are some bugs, whether in LUKS2 or in the Fedora implementation, because it should not have any issues. Because most users, devs, or beta testers do not test the encryption, it is not as robust as other parts are. You can’t ignore the fact that at any cost encryption is good…
I think we need to test it and see how it can be implemented; maybe systemd-homed can be a good option. Or it can be LUKS2 with /home or full / volume encryption. It needs some testing, and I don’t really think that, whatever the issue is, we can be like “there are potential issues, don’t use this”…
We need testing so this never happens to users. We can’t ignore the goods of encryption.

1 Like

I do not know how old you are, @frankjunior, but I can just tell from my side: I am in my fifties. My first computer of my own was a brick; it was an IBM Personal Computer. I bought it used.
Mine already came with an HD and had just one floppy. As I remember, the version of DOS was around V3, or at least I updated it to that.

At that time no mobile phones existed as we have today; the Internet was there, but it was still a mystery how it worked, and I had time at night to fuss around in the command line of my old IBM, printing out all the commands that appeared when typing help in the command line.
It appeared that the “Globe” was spinning at a slower speed, and catching up with new technologies was just as easy as watching an exciting movie on Netflix nowadays.

I know that I went off topic now. I did it so that you can understand people who think differently. Even if they bring arguments like

there is a hidden message behind:

Hey, slow down, we are not ready yet, we need more time! If you help us to get into it with a project of your own like this, we will be more willing to see what you really mean.

If you try to do a sub-project like Fedora Lazurite (see link above), I will be one of the first users to support you with testing and to give you input on how you could make it popular.

So I guess, with 62 replies and a lot of repetition, it is time to end this topic?!

I am waiting for proactivity from your side, @frankjunior, without expecting that others have to change in general, by introducing an article, a project, etc. It would be another opportunity to continue the discussion, following your argumentation while convincing with instructions on how to do it.

3 Likes

Of course encryption is good. The anycost comment is bad.

Being proactive is outstanding, but failure to understand other users and their desires can quickly lead to a nightmare.

Forcing someone to use encryption when they really really do not wish to do so would have much more than a slight negative impact on how users view Fedora. Have you even paid attention to the number of posts concerning problems with encryption? Have you considered that if a user forgets their password to unlock a drive that ALL the data on that drive is gone? What about the times where a graphics issue has hidden the password entry prompt and users could not log in?

Forcing someone to create a password leads to weak & easy to remember (and crack) passwords. Setting standards for the strength of a password tends to lead to passwords that are easily forgotten. This is a double edged sword in that area.

At present leaving it as a user opt-in choice seems much better to me.

1 Like

Users should be able to restrict encryption to their personal data, e.g., home and possibly other directories. Encryption should not rely on passwords, but on a hardware “key” that allows the user to keep a backup “key”. Yubikey is an example. Users should be encouraged to use a cloud store backup that provides end-to-end encryption for recovery if their system is damaged (natural disaster or software bugs) or stolen.

There may need to be some way to restrict use of encryption on legacy hardware that may not be well supported.

Yes, that’s right. I completely agree: many new desktop users forget passwords, and that would be a disaster.

This happens all the time with our customers who use BitLocker on Windows, who purchase PCs in retail stores and don’t even know their hard drive is encrypted, only to find out later when the system fails and they want to recover: no dice.

Does encryption really need a place if you’re using a desktop which never leaves the office and your home is secure?

I mean, if the hard drive is encrypted and there was somehow a way a threat was able to break into the system through the LAN network or internet, the hard drive encryption doesn’t really help, right?

It’s only for physical/mechanical protection from intruders who get access to it when it’s not turned on.

For Windows, users will usually follow on-screen prompts to create/link MS accounts with their user ID. And the BitLocker recovery key will be saved to the MS account, which is somehow a safety net.

Apple, of course, they control everything: H/W, F/W, OS, software.

Can Fedora or the wider Linux ecosystem provide this kind of safety net? I think Google will be more than happy to provide that kind of account linking back end system. But will distributions do this kind of integration work?

Before a reliable safety net is available, I will not want my OS to force me to have drive encryption.

4 Likes

One significant problem with backups is that to be done properly, they really really need to be tested periodically. I’ve heard many, many horror stories, even from big companies, where they thought they had working backups, only to find out when the time came that they needed them that the automated system had stopped months ago or that the backups were corrupt somehow or that the data couldn’t be unarchived for some reason or another (e.g. a lost key or password).

You will never convince the average user to go through the time and effort to properly test their backups. Consequently, if you create a situation where backups are required more often you will be creating a situation where data is lost more often. Is it worth it?

I’ve been working with computers since the 80’s. I’ve never had one stolen. But I cannot count the number of times I’ve been locked out from my data due to a software bug. Thankfully, retrieving my files from the broken OS has always been trivial. Depending on the files, I would have suffered life-altering setbacks if I had not been able to retrieve them.

1 Like

I was initially very suspicious of keeping all my data in the cloud, but now I can’t imagine doing anything else. I mostly use macOS and iOS devices. My data is stored in iCloud and I think Apple keeps it pretty secure. It’s not a “backup” but that’s just where my data lives. Our business switched to OneDrive for the very reason you described: we discovered that our backup software stopped working for months and our data was at risk. Now everything is in OneDrive and accessible to the entire company. Both the Apple and Microsoft solutions are easy to use and pretty much invisible to the end user.

I wish that there were a way to access my iCloud data through Silverblue.

1 Like

Recent survey of cloud services for Linux has links to some Linux clients for some services, including OneDrive. Apple supports use of Windows to restore data to iThings via iTunes. Wine is said to support iTunes, but I have not investigated that.

1 Like

May I add some thoughts to this discussion?

I strongly believe that nowadays the vast majority of users will benefit from encryption (as it just minimizes risks), but FDE comes with several disadvantages:

  • disk performance during intense file operations (archiving large files; copying large virtual machines across disks even when only one disk is encrypted) is decreased notably; with 100GB files I’ve personally experienced severe freezes. In most cases the performance drop is not noticeable, but for some users this may be important.
  • users must not forget that their disk is from now on encrypted, and therefore should try to adopt better practices like doing recurrent backups; trying to avoid low quality power sources or powering the computer off in an unsafe manner with the power button (when hardware/device issues occur, which unfortunately can still occur frequently, with Thunderbolt docks for example). Especially valid for desktop PC users with no integrated battery;
  • data recovery and disk operations may become more difficult and definitely will require more caution and technical knowledge;
  • (probably laughable, but still) they must not forget their passkey.

My point is that less experienced users may not realize these things beforehand (while they should).

At the moment the install offers a tiny checkbox to turn FDE on/off, which asks for a passphrase and that’s it. I remember reading horror stories (like this one: Bitlocker enabled itself on Windows 10 Home edition, or this: BitLocker: need a key but I never installed it) in the past where people bought (or were provisioned) Windows 8/10 machines with Bitlocker FDE enabled without their consent or knowledge, and only discovered that when it was too late.

Fortunately (hopefully) with Fedora it is unlikely - as you have to provide a passkey for this. But I guess the encryption option deserves an extra step with a dedicated screen that would briefly warn and remind about inconveniences mentioned above, so that a user would make an informed choice.

Another thing is that not all Fedora distros are ready to offer FDE by default to users with custom keyboard layouts (= not with the “US English” one), which is not as rare as it might seem. I have seen that Fedora Workstation 37 works fine (respects the keyboard layout during boot), while all versions of Fedora Silverblue (including F39 Rawhide) use US English during boot (and do not even show the layout), which makes unlocking the install practically impossible.
A new user would reinstall the system several times trying to guess why the system won’t accept the (apparently) correct passphrase on first boot. And each time it will refuse to unlock during boot because of the poor keyboard layout handling. This is a major annoyance.

There’s a related Bugzilla report: Bug 1890085 - English keyboard layout is erroneously used during initramfs phase (e.g. decrypting encrypted storage devices) instead of native layout, on Silverblue / ostree installs which has survived several generations of Fedora already, and does not seem to have any priority.

I have also noticed that during the install phase there’s a great option to test the keyboard layout, but the symbols did not always appear as expected (for example, instead of “ñ” a different symbol appeared), which is unacceptable if you need to define a passkey for FDE.

If you seriously consider advising FDE to the vast majority of users, these bugs must finally be fixed first, as they affect lots of people with national and non-standard keyboard layouts.

(corrected: the issue with keyboard layouts is in Silverblue distros. Non-silverblue ones are not affected)

4 Likes

Instead of necroing an old thread, you should all read the past few posts. The discussion has long since moved on from FDE and “forcing.” Also, there are some interesting points, but it ultimately depends on if there’s interest from developers. I’ve been trying to make sense of some parts of gdm, homed, and gnome. But at the end of the day, I’m just messing around. In the meantime, putting all your important files in an encrypted archive will do. ;(

Yubikey is not available in all the countries where our users are located, never mind that adding cost for people will invariably drive the bulk of Fedora users away.

systemd-homed encryption is now available in GNOME 46 by default, so will we get this feature in Fedora now?