#1 2019-05-10 07:53:52

woodape
Member
Registered: 2015-03-25
Posts: 159

[SOLVED] Full Disk Encryption Drawbacks?

Hi All,

I'm getting a new laptop that will have two ssd drives which I would like to format as BTRFS RAID0 and do full disk encryption. I came across a thread on Reddit that suggests there is little point to doing full disk encryption: Will be using UEFI for the first time and have some questions.

How valid are these arguments? Is there anything gained from encrypting a full disk rather than everything but the boot partition? Are there any serious drawbacks?

Last edited by woodape (2019-05-11 05:57:57)

Offline

#2 2019-05-10 09:23:33

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 1,985
Website

Re: [SOLVED] Full Disk Encryption Drawbacks?

If you really encrypt the full disk, you won't be able to boot the system without an external boot- / EFI loader, since the BIOS / EFI cannot read any possible loader from the *fully* encrypted disk.
So you would need to carry an EFI loader that can decrypt a dm_crypt / LUKS volume on e.g. a pen drive with you at all times if you want to boot the system.
I have all my computers "fully" encrypted, except the EFI partition and use EFISTUB to load the kernel directly.
It's sufficient for my purposes at work and at home and I thusly avoid carrying a useless brick around with me, if I ever forget the pen drive.


macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }

Offline

#3 2019-05-10 10:07:02

frostschutz
Member
Registered: 2013-11-15
Posts: 1,418

Re: [SOLVED] Full Disk Encryption Drawbacks?

The unencrypted /boot partition should not contain any personal info, just a filesystem UUID and that's completely random. So there should be no issue leaving it unencrypted.

That said I use a pendrive anyhow, with encrypted keyfiles on it, so the passphrase I enter is actually unrelated to the LUKS header on disk. (So you need a keylogger and a copy of my pendrive.)

Still, all encryption headers are on disk and there are backup passphrases set to them, so when the pendrive fails, I can use any rescue/live cd to make another.

I don't believe in plausible deniability or rather it's not part of my considerations at all. I just want to use encryption that cannot be broken by merely installing a keylogger or tampering with the initrd, things that are usually possible in regular encrypted installs.

Offline
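
Added example, not part of the thread or of any poster's setup: one way to notice the initrd and kernel tampering that an unencrypted /boot or EFI partition allows is to keep a SHA-256 manifest of its files on the encrypted root and compare against it. The default paths `/boot` and `/var/lib/boot-baseline.sha256` and the function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: detect changes to files on an unencrypted /boot or ESP.
# The baseline file is assumed to live on the encrypted root filesystem.

# Print "sha256  ./relative/path" for every regular file under $1, sorted by path.
boot_manifest() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# Record the current state as trusted (rerun after each kernel/initramfs update).
boot_baseline() {
    boot_manifest "$1" > "$2"
}

# Compare the current state with the baseline. Prints one line per difference
# (ADDED / MODIFIED / REMOVED path); returns 0 if unchanged, 1 otherwise.
boot_verify() {
    local dir=$1 baseline=$2 report
    report=$(boot_manifest "$dir" | awk -v base="$baseline" '
        BEGIN { while ((getline line < base) > 0)
                    old[substr(line, 67)] = substr(line, 1, 64) }
        { h = substr($0, 1, 64); p = substr($0, 67); seen[p] = 1
          if (!(p in old))      print "ADDED " p
          else if (old[p] != h) print "MODIFIED " p }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }' | LC_ALL=C sort)
    [ -n "$report" ] && printf '%s\n' "$report"
    [ -z "$report" ]
}

# Stand-alone use: script.sh baseline|verify [boot_dir] [baseline_file]
case "${1:-}" in
    baseline) boot_baseline "${2:-/boot}" "${3:-/var/lib/boot-baseline.sha256}" ;;
    verify)   boot_verify   "${2:-/boot}" "${3:-/var/lib/boot-baseline.sha256}" ;;
esac
```

The comparison runs from the already unlocked system, so it reports a change after the passphrase has been typed; it detects tampering rather than preventing it.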

#4 2019-05-10 13:45:21

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,525
Website

Re: [SOLVED] Full Disk Encryption Drawbacks?

My two cents, which may not be worth it: why encrypt at all?

Encryption makes your computer slightly less easy for you to use in exchange for making it a whole lot less easy for an 'attacker' to use.  Even if the inconvenience to you is a trivially small fraction compared to the protection provided against an attacker, you face that inconvenience every single time you turn on your computer ... when was the last time an 'attacker' got your computer.  So, I'd argue, the inconvenience to you times the difference in likelihood of your use vs attacker use should be less than the protection against the attacker.

Now, the inconvenience to you is pretty trivial, and the protection from an attacker is substantial - so a lot of people therefore conclude that the above inequality is satisfied without ever considering the difference in likelihood of your use and attacker attempts.

For example, the odds of me using my computer on a given day: 1.  The odds of an 'attacker' attempting to use my computer on a given day: infinitesimally small.  This doesn't mean I should ignore the threat, but it means that if the nearly infinitesimally small inconvenience to me times 1 / infinitesimally-small is not less than the protection provided it's not worth it for me (and thus it's not).  I don't encrypt for the same reason I don't have elephant-trampling insurance: even if it were dirt cheap, and even if being trampled would be catastrophic, it just makes no sense.

And the degree of protection depends on what would be lost if an 'attacker' was able to read my data.  I don't have any state secrets on my computer.  If I had any truly life-or-death top secret material on my system, I'd be required by employer or by law to encrypt it anyways.

Frankly, everyone I know who encrypts their systems really only do it because it sounds cool not because they actually have anything that really gets a net benefit from the process.

So if you want to encrypt because it sounds fun, go for it.  But if you want to know if it is really worth it from a security standpoint ... well, if you are asking, the answer is most likely no.

Last edited by Trilby (2019-05-10 13:46:51)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2019-05-10 15:00:31

schard
Forum Moderator
From: Hannover
Registered: 2016-05-06
Posts: 1,985
Website

Re: [SOLVED] Full Disk Encryption Drawbacks?

Trilby wrote:

when was the last time an 'attacker' got your computer.

I know this was not directed at me, but five years ago, my laptop got stolen.
Aside from personal data, it also contained some projects from my company.
Needless to say, the next day in the office I spent the day changing passwords.
Won't happen to me again.


macro_rules! yolo { { $($tokens:tt)* } => { unsafe { $($tokens)* } }; }

Offline

#6 2019-05-11 05:57:42

woodape
Member
Registered: 2015-03-25
Posts: 159

Re: [SOLVED] Full Disk Encryption Drawbacks?

Thanks, everyone, for the replies. It looks like there isn't a whole lot of point to encrypting /boot, but that it isn't really all that big a deal if it isn't encrypted. I'll mark this as solved.

Trilby, thanks for your two cents, but my concerns are closer to those of schard. My current laptop is encrypted and, as you say, it really isn't a hassle to put in a password once at boot. I live in South Africa, where devices being stolen is an extremely frequent occurrence. My wife and I have both had our phones stolen and many of our friends and several of my students have had their laptops stolen going home from class. The probability of needing the protection in the equation you sketch out is pretty high for me, so anything I can encrypt, I do.

I don't have state secrets, but I do have all my saved-to-disk emails, photocopies of my passport, photos of my family, lots of stuff I wouldn't want a random thief to be in possession of. You would be surprised (or maybe not) how easy it is for someone to make your life extremely difficult if they are in possession of even a mild amount of relevant information about you and want to use it against you.

Last edited by woodape (2019-05-11 05:59:01)

Offline

#7 2019-05-11 06:06:49

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] Full Disk Encryption Drawbacks?

Trilby wrote:

Frankly, everyone I know who encrypts their systems really only do it because it sounds cool not because they actually have anything that really gets a net benefit from the process.


I choose to encrypt my home machines, but for my work machine it is a requirement of my employment. It has nothing to do with sounding cool, it is simply prudent risk management as part of a company policy.

Similarly, the reason I encrypt my home machines, and endure the "inconvenience" of entering a passphrase at boot is because, in the case of the laptop, I travel with it and I can use it to connect to my work VPN, and my desktop and server would likely be carted off if my house was burgled. The fact that the data is inaccessible to your garden variety house thief means I would not mourn the loss of the machine, just file an insurance claim safe in the knowledge that they would just be pawning hardware, not my or my family's personal information. That, to me, is worth an extra 5 seconds logging in.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#8 2019-05-11 13:31:00

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,525
Website

Re: [SOLVED] Full Disk Encryption Drawbacks?

I may have communicated poorly.  I wasn't suggesting that there are not many ways that a risk assessment can lead to a sound conclusion to encrypt.  But that's what I thought was missing.  Asking for generic advice of whether specific approaches to encryption are worthwhile (or what the drawbacks are) seemed to me an ill-defined question as there is no generic advice even on whether any form of encryption at all is worthwhile: it depends on what you are protecting and why.

If you are protecting family photos, passport photocopies, and that sort of data, then there could be a reason to encrypt these, but none of these would be on the boot partition (in fact they'd not likely even be in your root partition, but only under /home/).  So understanding what makes encryption relevant in the first place then answers the original question of whether the boot partition needs to be included or whether there is any reason for full disk encryption.

Moving from encrypting specific files, or one's home directory, to full disk encryption does nothing to address the risks to these sorts of data.  Yet I know many people who like to brag that an 'attacker' would not even be able to boot their system if it was stolen.  My response is, essentially, so what?  Why would you care if an 'attacker' could boot your system if all of the data you cared about was still encrypted?

There are potential answers to this question that would make full disk encryption worthwhile - but "ha ha, suck it, would-be attacker" is not one of the answers that would make it worthwhile, but it's the only one I've heard from people I know personally who like to talk about how much they encrypt everything.

Last edited by Trilby (2019-05-11 13:35:54)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#9 2019-05-11 19:06:59

woodape
Member
Registered: 2015-03-25
Posts: 159

Re: [SOLVED] Full Disk Encryption Drawbacks?

I suppose I could have mentioned that I was considering encrypting boot mostly to not have multiple partitions on my BTRFS RAID0 setup, but I didn't think it necessary. I find it hard to read into my question that my motivation for asking was anything close to "ha ha, suck it, would-be attacker" or just to brag. I think my question was specific enough, asking about full disk vs everything but boot, potential drawbacks, referencing other conversations on the subject. If I knew all the nuances of encryption, I wouldn't have needed to ask.

But in any case, I've gathered the insight I was looking for and am happy to have this thread closed or remain solved.

For any future readers, I've decided against encrypting boot for the time being, as a separate boot partition will be quite small and certainly carry no information that I would be worried about a thief possessing. schard indicates that the linked reddit conversation was correct, something must remain unencrypted for the computer to actually boot up, and though there are possible paths to fully secure the drives, they don't seem worth the effort for what I'm attempting to defend against.

Thanks for the thoughts, have a good weekend all :)

Offline
