They offer different flash templates with latest features.
Login

Forgot password
Register
Back

 Add Option of Full Disk Encryption to all future Linux Mint Releases

Created 2 years ago, edited 2 years ago.
Status changed 2 years ago
Author:

ASmith
Status:
Selected
  Score:
 134
144 votes
Idea:

Add the Installation Option of Full Disk Encryption to All future Linux Mint Releases

Many Linux distributions are fully utilising the Linux Volume Manager (LVM) to install their LiveCD updates AND give their users the option to fully encrypt the entire disk in the process.

Linux Mint teams should give the option of Full Disk Encryption to Linux Mint DVD installers, include LVM and the painless,reliable Full Disk Encryption set-up and installation of Linux Mint in the same process.

Many Linux uses are very security minded, the Ubuntu kernel includes the routines to fully support full disk encryption. Computer,Laptop and Notepads stolen or seized under dubious or illegal warrants are on a rather large rise these days underscoring the value and need for Linux Mint users to have the option of full disk encryption during the Linux Mint installation.

Does disk encryption really protect your data from unauthorised access by gov.agencys or common thugs and thieves? YES provided the passphrase is strong enough along with a strong multi-encryption algorithm http://www.linuxbsdos.com/2011/12/05/does-disk-encryption-really-protect-your-data-from-unauthorized-access/

References and Articles showing how very popular Full Disk Encryption on Linux based Desktops,Laptops,Notepads Is:

Linux and BDS desktop distributions with support for full disk encryption http://www.linuxbsdos.com/2011/07/26/linux-and-bsd-desktop-distributions-with-support-for-disk-encryption/

How to install Linux Mint Debian Edition on an encrypted LVM file system http://www.linuxbsdos.com/2011/01/01/how-to-install-linux-mint-debian-edition-on-an-encrypted-lvm-file-system/

Full Disk Encryption easy HOWTO-Linux Mint Community http://community.linuxmint.com/tutorial/view/344

Linux Logical Volume Manager (LVM) for Linux distros to configure and manage quick and easy full disk encryption installations http://www.linuxbsdos.com/2008/11/17/linux-logical-volume-manager/#

The Benefits of Using Linux Logical Volume Manager (LVM) http://www.linuxbsdos.com/2008/09/24/the-benefits-of-using-linux-logical-volume-manager/

In closing...

Debian, Fedora, and Sabayon among other Linux Distros now offer Full Disk Encryption with their LVM based installers, why not Linux Mint?

Comments:

6 months ago

cork
I also think that the encryption key should have the option of loaded from an external usb disk. That way you could use a 128-bit key without having to type it in at startup.  
9 months ago

lkkw223
This feature is *crucial* for all modern LINUX distroes. It's standard on all major distroes. Please do hurry up and implement this feature. I really like Mint and LMDE, but without FDE it's just an absolute no-go for me and everybody I help shifting to Linux. Sorry guys, but this is goin too slow.  
10 months ago

robmason
A prerequisite for business class laptops...  
1 year ago

sarciszewski
LMDE needs this!  
1 year ago

Tuchikos
Clem, if you ever read this, please add full disk encryption to LMDE. Go the distance. Thank you!  
1 year ago

znaut
Agreed. I would like to see this as well.  
1 year ago

disPPlay
I would like to see this idea implemented, as it is very easy for the user to encrypt the whole HDD with a simply click and a passphrase.  
1 year ago

quake0
This really needs to be approved already.  
1 year ago

zurku
@lon_ore
There are other like me, who would prefer to use the Debian Edition instead for resource constraint reasons and the fact that its rolling, but if you think about it, its still not available by default for the random Linux Mint user who doesn't have the slightest idea how to do that.

The encrypted install option is still not available in the installer even thought its been around in Debian proper for ages. That's somewhat alright, if it wasn't for the fact that the LMDE installer does not recognize encrypted block devices either. Halfway through setting up the volumes manually I ran into this problem and had to shelve the idea completely and switch to another distro. Please add this option for Linux Mint soon. There are many great things about this distro that make it shine above all others. However this small and important feature is a blackeye to this, IMO.
 
1 year ago

Ion_ore
In case someone's still wondering, you actually can do this on Mint 14. On the live boot you just need to upgrade the installer (ubiquity) before installation. I completely removed all ubiquity packages, updated the package list and then marked the package "ubiquity-frontend-gtk" for installation (I used the Cinnamon liveDVD).  
1 year ago

Drag0nFly
This should be considered core functionality for laptops. Since the Ubuntu installation already has this feature in place implementing it on Mint would hopefully be a minor task.  
1 year ago

gcarvell
I would really, *really* like to run Linux Mint on my work laptop. Some factors in that are the general high quality of the distro, the solid Ubuntu / Debian base, ability to run 3rd party software, emphasis on user choice, and Mint's work on the MATE desktop. However, full disk encryption is a hard requirement that Mint does not support.

For now, Ubuntu 12.10 with its full disk encryption is a tolerable workaround (after manually adding the MATE desktop and ripping out all the Unity and shopping type stuff I could), but a straight Mint install would be much better. Hopefully the development team will consider this option in the near future.
 
1 year ago

Mateo37
I want to thank the Linux Mint team for their professional quality and easy to use releases. I think the addition of the option to have FDE during an install and/or having a point and click tool in the GUI to do it afterwards would be greatly beneficial for business users like me who have higher security requirements for customer data.  
1 year ago

quake0
This was in ubuntu 12.10 installer but I can not find it in mint 14 RC.  
1 year ago

ASmith
The action indicates my suggestion to add the 'Option' for Installers of Linux Mint to enable a Full Disk Encryption has been selected.

Outstanding! Kudos to the Linux Mint Team and to those that took the time to Vote and comment on this important and imo essential feature in a increasingly troubled, economically challenging times where laptops and even desktops are routinely stolen not only for the personal information they might have to sell to a ID theft specialist but also for a quick hardware device payday.

Thank-You
ASmith
 
1 year ago

ASmith
Sorry to hear Minuxlint, that you have given up on Mint over the lack of full disk encryption not being given as a option. Sadly, the vast number of business users that want to use Linux Mint do not do so because there is no direct install option for full disk encryption.

The newest Ubuntu Release is now offering full disk encryption as a option for installers and hopefully that will provide enough stimulus to the Linux Mint team to go ahead and provide that useful feature.

The newest high security reviews appear to indicate a combination of AES-Serpent or Serpent-Twofish multiple encryptions defeat even the most ardent attempts by bad people with bad intentions. On newer CPU's with built-in AES acceleration the trade-off in HD access,read and writes should be minimal however if the device is fully powered down before it is seized, stolen or demanded at gunpoint, any information that is heavily encrypted is essentially protected and shows up as random useless data to computer forensic examiners.

In short, the newest Ubuntu Release now includes the Option for installers for full disk encryption, Linux Mint should include that option also.
 
2 years ago

martensjd
It just strikes me as naively trusting to not use full disk encryption on a laptop.  
2 years ago

minuxlint
Having been a long time Linux Mint advocate, I was also disappointed that the script that I had used from tutorial 344 failed with Mint 13.

I have long since jumped from Mint to other distros, but kept a family laptop running Mint for my wife and kids. Not having the security of knowing that a stolen laptop is missing hardware, not missing personal information, seems a bit behind the times for me.

I hope that the position Clem took in an earlier blog post that stated that the Mint team was not targeting users who would need this as an install option changes. It is the sole reason I no longer run Mint in my home.
 
2 years ago

ASmith
Thanks vincentv for considering however you marked the Grubpass which defeats the evil maid attacked as 'rejected' and should be reconsidered as it is entirely meant to work in tandem with the option of Full Disk Encryption.

I'm also disappointed to see the option of a USB token file to use super strong passwords on a removable media however given the Linux developers time, I understand such time is vitally focused on other tasks.

With many Western nations slipping now into double dip recession, computer and digital device thefts are of course on the increase as well as sadly nations being transformed into a virtual Police State.

Business's switching to Linux are on the rise as they widely refuse to install Windows 8, a vast majority of them view full disk encryption as a must have option. Security minded Linux users also definitely place Linux distributions with Full Disk Encryption option available on their 'Must Have' list. I feel such a optional inclusion is vital to add to future Linux Mint releases.
 
2 years ago

shred
Thanks for considering! You're right about the evil maid attack. However, FDE is a safe protection if your notebook is lost or stolen.  
2 years ago

shred
This is actually the only show stopper that keeps me from migrating some Fedora machines with FDE partitions to Mint.  
2 years ago

katamint
I have just switched 6 pc in my office from ubuntu 10.04 to Mint 13 MATE

On my personal pc i cannot use more the full disk encryption and this is a sad thing.

Tutorial 344 doens't work.
Please add this in linux mint 14. Security and Privacy are not an option !
 
2 years ago

a701
I was actually very surprised to see that LinuxMint did not offer full disk encryption. I feel this is a must in any good distribution. I can see no reason why anyone would be against the inclusion of full disk enctyption as an option. I hope to see this added soon so I can give LinuxMint a try.  
2 years ago

jjthomas
Needed for laptops.  
2 years ago

ASmith
My thanks to each for your votes and help to promote greater security in all further Linux Mint releases.

Please be advised there are a albeit small handful of visitors and members in the Linux Mint forum,community and readers that flatly do not want Linux Mint nor any Linux distribution to have any real encryption and security capability's whatsoever.

Although most of their claims of tinfoil hats on those pointing out the very real need for security and privacy measures have been shouted down, those individuals still certainly exist. Regardless of what their true agendas or who they work for nor who their actual allegiance is to, such is simply a reality of the current police state times and to be expected rather than allow yourself to be broadsided in surprise that such would occur 'here'.

Despite the obvious police state agenda's, given the global double dip recession economically impacting millions if not billions the very real possibility of netbook, laptop and digital device thefts for a quick pay-day is very real making personal full disk encryption a vital safeguard against that possible theft leading to even further personal theft based on your personal data.

Business's look for full disk encryption applications 'built-in' they can enable, not simply what could be added by their IT department to do that. Business's rightly see applications that are built-in and included as largely 'stable' and more likely to be trusted than a 3rd. party addition from the beginning.

With the major Linux distributions employing the LVM based full disk encryption options, it appears to be entirely positive in all directions for the Linux Mint development team to include that option also.

 
2 years ago

kazztan0325
@quake0:
I think you might want to ask active moderators about it.
 
2 years ago

quake0
This has 28 positive votes. What does it take to get considered?  
2 years ago

quake0
Why would any one vote this down? Its a one click option, not a default.  
2 years ago

fleming746
Additional security for those who need it is a very beneficial option, this would be a very good idea for anyone using their system for business or creative purposes  
2 years ago

markrlondon
Whilst not everyone sees the need for full disk encryption, it's one of those features which in reality is becoming a must-have. Home directory encryption is useful of course but being able to encrypt an entire system minimises the risk of data leakage. I am surprised that Mint does not yet have this feature.

@BScheiber: Would you like to write up your method of patching the live-installer to provide full disk encryption? It would be useful for those of us who would like to try it.
 
2 years ago

BSchreiber
Due it's not 100% safe, i know, i just patched the live-installer to add this functionality. Where can i find support on how and where to maintain this patched live-installer and iso-cd for testing?
 
2 years ago

BTPFMJ
While full disk encryption doesn't provide 100% protection against everything (nothing does), it can be very useful, and it's generally much more secure than home folder encryption, because full disk encryption can also protect the following items, all of which are likely to leak sensitive information:
- temporary files
- swap
- log files

If the root file system, additional file systems other than /boot (e.g. /home) if any, and the swap all live in LVM which sits on top of an encrypted volume, even secure hibernation is possible. (I'm using this setup routinely on my systems.)

The boot volume in this case is indeed the weak point, in that an attacker could manipulate the boot loader, initrd etc. to reveal the encryption key or password ("evil maid" attack). But that implies both a relatively sophisticated adversary and that the laptop will be used later by its owner. If a powered down laptop is lost, stolen or confiscated, and not returned to its owner, full disk encryption provides 100% protection (assuming the passphrase is strong).
 
2 years ago

fausto
Very useful  
2 years ago

quake0
Agree. As long as its only an option along side home folder encryption.  
2 years ago

undoIT
YES! Simple full disk encryption as an install option is absolutely essential. I have Linux Mint 11 on one of my laptops that I use for watching movies. I have also played around with Linux Mint 12 and love it. I was planning to install it on a couple of my more regularly used laptops (I own 7) as well as some computers for friends and family. However, the lack of a simple option for full disk encryption, like what is available in other distros, is unfortunately a deal breaker.  
2 years ago

blueXrider
BTW how many more times are you going to repost. I think you have the record now  
2 years ago

remoulder
Please do not make duplicate posts  

Other ideas from ASmith