0

I have a HP ENVY x360 13 with an AMD 4700U. I have used Ubuntu in a VM for probably a decade, but I am interested in making 20.04 my daily driver. With W10 Pro I don't have to "think" about encryption security. Between the TPM device, Bitlocker, and Windows Hello I have full-disk encryption that works with a fingerprint/PIN coupled with the TPM device.

I realize by installing Ubuntu I will most likely lose the ability to use the fingerprint sensor (from my research I do not think it works with my laptop), and I will have a password to unlock the encryption on boot and then a OS specific password I would have to type in every time I want to unlock my laptop (a fairly large drawback over the Windows Hello fingerprint/PIN).

My questions are more around the encryption itself. I will install/encrypt using this method:

full disk encryption with 20.04

  1. I tested this in a VM, and I noticed some smaller partitions that are not encrypted. What are these unencrypted partitions and can/should they be encrypted?

  2. Is the Swap space and hibernation file encrypted under this method? If not how can I make sure they are.

Edit:

Partitions

Tsyras
  • 101
  • 1
  • Edit your question and attach a screenshot of the partitions you are asking about. Also, cut and paste the output of `sudo fdisk -l`. Let us know which partitions you specifically have questions about. On a separate note, take a look at Howdy to unlock your laptop like windows Hello (https://github.com/Boltgolt/howdy); you will still need to enter your password to unlock your key ring, so it's not a complete solution. – Enterprise Apr 06 '21 at 19:09
  • Thanks for the information. I added the screenshot. I hadn't checked fdisk before this, in my OP I was referencing the extra partitions seen in the Disks application. – Tsyras Apr 06 '21 at 21:01

1 Answers1

0

Impossible to say what these unencrypted partitions are if you don't show us, but probably some boot partition, or additional partitions that are not / or /home and are not automatically encrypted. The latter you can always encrypt later on however.

As to the swap space, from Ubuntu 18.04 on swap is no longer a separate partition, but a file stored on the root filesystem, so with FDE it would be encrypted as well.

Sebastian
  • 1,218
  • 1
  • 7
  • 14