Ubiquity needs support for fscrypt

[Redsandro]

Linux Mint 19 proposes home encryption using eCryptfs, which hasn't been maintained for 4 years.

I've been manually replacing eCryptfs with fscrypt in Linux Mint 19 for encrypted homes. fscrypt is more memory-efficient, uses more up-to-date cryptography than eCryptfs, and it does not require setuid binaries.

fscrypt is ext4 native encryption, and now supports v2 kernel encryption policies, which depends on kernel 5.4.

It's time to replace the deprecated and unmaintained stacked old fuse-based ecryptfs with native fscrypt support, and bring encrypted homes back to modern times with Linux Mint 20.

I have previously suggested this for Ubuntu 20.04, but as we know, they have dropped home encryption and are now pushing full disk encryption.

---

ℹ️ Please note that fscrypt in the Ubuntu 20.04 repositories is (currently) very old. See https://bugs.launchpad.net/ubuntu/+source/fscrypt/+bug/1882993

ℹ️ See also: fscrypt on Archlinux Wiki

[Redsandro]

I believe setting this up depends entirely on ubiquity, but that repository doesn't allow issues to be opened.

The ecryptfs code imported over 8 years ago by @frgaudet, with fixes backported 4 years ago by @clefebvre, would need to be rewritten to automate setting up fscrypt in stead of ecryptfs.

Automation and detection would probably take the most figuring out, because manual setup is not complex:

apt install fscrypt libpam-fscrypt
fscrypt setup
fscrypt setup / # always
fscrypt setup /home # only if separate partition
fscrypt encrypt /home/$USERNAME

One could argue that this will break compatibility with previously encrypted homes when reinstalling without formatting /home. So the debate would be performance and security versus backwards compatibility.

Although technically a conversion script could be written in ubiquity too, which mounts the old home using ecryptfs and moves the files to the new home using fscrypt.

It could be done before the beta. If desired.

[Redsandro]

Mint 21 still sticks to eCryptfs? I secretly hoped for fscrypt by now. It's okay, I will set it up myself. But I think everyone would have benefited from fscrypt. It's really fast. This is how it should be, and Linux Mint used to be "Ubuntu how it should be." 😉

Also, I think the release notes are out of date:

Home directory encryption

Benchmarks have demonstrated that, in most cases, home directory encryption is slower than full disk encryption.

There is no link to these benchmarks. If it did, people would see they are 10 years old and based on the slow eCryptfs versus LUKS when LUKS got AES-NI hardware acceleration. The modern fscrypt is mature since kernel 5.4.

If nothing else, please vote upstream by choosing "this bug affects me too". Maybe Ubuntu will fix it some day, and Mint can benefit from it. 🙂

[Redsandro]

Linux Mint 21.2 Victoria Release Notes

Home directory encryption

Benchmarks have demonstrated that, in most cases, home directory encryption is slower than full disk encryption.

The move to systemd caused a regression in ecrypts which is responsible for mounting/unmounting encrypted home directories when you login and logout.

@clefebvre (continuing our conversation from here) isn't this release note outdated by now?

When ecryptfs (2004) was initially deprecated upstream, it was so slow that full disk LUKS/dm-crypt was faster despite the overhead of decrypting your entire root together with home. These years, fscrypt (2016) is quite performant and adopted by Chrome OS and Android because of it's lightweight performance. It has since been merged into mainline 5 years ago and elected as a default for future systemd/homed on ext4.

Some believe full disk encryption is overkill, that's why Linux Mint offers ecryptfs home encryption. But ecryptfs is a heavy performance hit compared to fscrypt.