Secure By Default: Disk Encryption

It’s time to better protect user data by default.


Just Do It

While discussing the installer, one thing System76 wanted to ensure was the ability to easily encrypt the installation once users have their computer in hand; many System76 customers require it (e.g. government, education, and corporate organizations), other consumer electronics like iOS and Android devices manage it, and frankly it’s just good practice to encrypt by default. The problem in the past has been that, as a desktop Linux OEM, you cannot encrypt the installation before it’s in the user’s hands, because then there is no guarantee that the encryption key is unique to that user. So customers would reinstall the entire OS from scratch immediately after receiving their computer—downloading the latest release of the OS, digging up a USB drive, flashing the drive, rebooting their computer, walking through the installer, and rebooting once more before they could finally use the computer. That’s not ideal.

UX Implications

Another major reason disk encryption isn’t the standard on Linux-based desktop OSes is that it does have some UX implications: users must remember a separate and distinct encryption password, users must enter it every time the computer powers on or restarts, and there are minor potential performance implications for I/O-heavy work. The tradeoffs may be worth it, but we need to be sure users understand them.

OEMs and Recovery Partitions

Our mantra for the new installer is that “every install is an OEM install.” This is not just to optimize for OEMs, but it ensures the code paths are well-tested no matter the installation scenario.

Installer UI

While these are important points to consider, we feel it’s time to push forward and communicate these implications to users instead of just leaving everything unencrypted. To do so, we’ve designed and prototyped a pair of new Encryption views in the installer:

New Disk Encryption prototype views
  1. Clearly and honestly explain the implications, whether or not the user might fully understand disk encryption.
  2. Allow users to opt out of encryption if they have a good reason.
  3. Encourage the user to provide a strong password while understanding when and how they will need to use it.

The Future

With these functions tackled, we have to think about future UX improvements as well:

  1. Possibly syncing/adding passwords for additional admin users (though this might be technically difficult/infeasible due to the many ways you can set a password on a Linux-based OS)
  2. Ensuring the power-on password entry looks as good and works as well as it can across different OSes and hardware combinations

So… When?

Ah, the classic question. For System76 and Pop!_OS, they hope to ship the new installer as part of the 18.04 release in April, barring any last-minute hold-ups. For elementary OS, we’d love to ship it in Juno (and are working toward that goal), but we do have a backup plan to ship the existing installer if we don’t feel the new one is ready yet.


elementary

We design and develop the fast, open, and privacy-respecting replacement for Windows and macOS

Thanks to Daniel Foré

Cassidy James Blaede

Written by

Co-founder & CXO at elementary, Inc. GNOME Foundation member. UX Architect. Writer. He/him/his.
