Highlighted
Christophe14
2 Bronze

XPS 13 9370 Ubuntu full disk encryption

Hi,

I have just received a XPS 13 9370 Ubuntu and I have some questions.

I will post one thead per question.

First question:

During the Ubuntu 18.04 configuration installation, there was no full disk encryption (LUKS) option.

From what I have understood, this shall be done during Ubuntu configuration, otherwise it seems more complicated.
Did I miss something ? Has Dell removed this option in Ubuntu installation process ?

Shall I reinstall from a Dell Recovery Ubuntu USB key so that the option is proposed ?

Thanks in advance for your hints.

Kind regards

0 Kudos
65 Replies
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

I am answering to myself.

From what I have understood the best solution would be to boot from Dell Recovery Ubuntu USB key created and select 'Erase disk and install Ubuntu' + Encrypt... + LVM...
But this would mean loosing the Dell recovery partition.

If someone has a better idea, feel free to post.

 

0 Kudos
Christoph123
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

Hey there,

it seems we're in the same boat. I received my XPS 13 9370 dev edition last wednesday, and the lack of out of the box full disk encryption is giving me huge headaches. Already spent 3 evenings over this stuff.

  • So the machine comes without home or root partition encryption
  • I created the recovery USB stick and booted into that (mashing F12 during boot logo screen)
  • The default option just goes back to square one, unencrypted default install
  • I went with the "erase disk and install ubuntu", then picked the option to create an encrypted disk, chose a password and installed
  • The problem is: The encryption passphrase is not recognized. It's not keyboard layout problems or something like this, I reinstalled numerous times, a passphrase "abcd" does not get recognized either

I then went on to try to set up the partitions manually, but failed at this - there seems to be some intricate steps to it that I'm not aware of. For me, after setting up what I considered reasonable (basically alotted all 2 GB of disk space unencrypted ext4 for /boot, the rest to an encrypted disk, put in most of it as / and the rest as Swap) the installer straight out crashed. This whole config screen is aggravatingly hard to operate since it's super tiny on my 4k laptop screen and it seems you cannot revert a wrong step, you have to reboot and start from scratch. I found this guide on setting up FDE manually, but it seems extremely cumbersome.

On the default factory install I do not see the option to encrypt home either by the way, from what I've read this has been removed in favor of Luks FDE in Ubuntu 18.04.

So as far as I can tell there is zero disk encryption available on the developer edition Ubuntu without some serious hacking, which I really wish I was told before buying it. I was hoping to get some actual functional OS when buying it as a pre-installed and supported operating system.

@Christophe14 Did you make any progress on this? 

 

0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

Hi

In fact, as I am not a Linux expert, I wanted to have feedback before performing any trial.

From what I have investigated so far :

There is a bug in home encryption. This explains why it has been removed from Ubuntu 18.04 installer.
https://www.linuxuprising.com/2018/04/how-to-encrypt-home-folder-in-ubuntu.html
https://askubuntu.com/questions/1029249/how-to-encrypt-home-on-ubuntu-18-04
In fact, there were 2 bugs and one has been fixed.

There is also an issue regarding keyboard layout for full disk encryption password.
https://blog.mgor.net/2018/05/20/ubuntu-18-04-bad-password-when-trying-to-unlock-luks-encrypted-devi...
https://askubuntu.com/questions/1031302/ubuntu-with-full-disk-encryption-bad-password-after-upgrade-...

That could explain your password issue encountered for full disk encryption.
Do you have a QWERTY keyboard ?

Finally, you mentioned you have created a recovery USB stick.
How did you create it ?
I have created a Dell Recovery Media when it was proposed during first Ubuntu installation.
When booting from it, it is not a standard Ubuntu setup configuration.
It proposes either to Restore entire hard drive or to Restore only Linux OS partition.
If you had the same choice, what did you choose to have "erase disk and install ubuntu" option ?

0 Kudos
Christoph123
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

Hey, yeah, unfortunately the passphrase issue does not seem to be related to the keyboard layout, I tried putting "abcd" as I wrote above, that does not work either. I did as you described to create the recovery bootstick (I did it after install, the program is available as an installed app on the normal ubuntu desktop), I saw the two options you mentioned, and the lower one is the one I went with. On the screen following you can choose "encrypt my entire hard drive"
0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

Hi,

OK. I will perform some tests next week and share the results.

Thanks.

 

0 Kudos
Christoph123
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

So, here's to another attempt at re-installing from the recovery USB with encryption.

I still am not able to unlock using the password I set, but I decided to have a look at the partition scheme installed so booted into the recovery USB, quit the installer and launched the "Disks" utility.

The disc has 3 partitions:

  • nvme0n1p1 - EFI System, FAT 32 bit (537 MB)
  • nvme0n1p2 - Linux Filesystem, Ext4 (supposedly /boot) (768MB)

The rest of the disk is taken by the encrypted volume. I noticed I can actually unlock the LUKS volume. I tried that with my chosen password and actually that worked, so it must be some misconfiguration of the password prompt on boot. After unlocking I see the "Linux Filesystem" LUKS Encryption version 1 volume.

I wonder if some adjustment to the boot password prompt config would fix this

0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

Damned, I am facing the same issue !

As I have a French keyboard on the XPS 13, the passphrase created is 'eeeee' (with Dell Recovery Media USB key).
But it is not recognized at boot. So I agree the issue is not coming from layout keyboard (e is at the same position for French or USB keyboard).
I was also able to boot from Linux Mint live disk and able to unlock or change the passphrase.
So the passphrase created is correct.

Any idea ?

0 Kudos
Christophe14
2 Bronze

Re: XPS 13 9370 Ubuntu full disk encryption

I have successfully created a working passphrase using the standard Ubuntu 18.04.1 Live installation process.

The passphrase "eeeee" is recognized. I was also able to change the passphrase on the AZERTY keyboard.

So, it means Dell Recovery Ubuntu iso file has a bug with full encryption feature.

Any idea to workaround the issue ?

Is there a way to create a passphrase with standard Ubuntu 18.04.1 and to reinstall on top Dell Ubuntu 18.04 for XPS 13 9370 ?

For the moment, the standard option for Dell Recovery Ubuntu is to erase and reinstall, meaning I will probably loose the working passphrase.

Christoph123
1 Nickel

Re: XPS 13 9370 Ubuntu full disk encryption

Ah, great find, thanks for trying it out with vanilla Ubuntu.

I also tried this out and it worked for me as well.

However, I was wondering about the cusomizations that the dell distro has, so I took a snapshot of the /etc directory and installed packages between Dell XPS13 recovery-installed Ubuntu against a vanilla Ubuntu 18.04.1

On thing that I noticed is that the XPS13-Ubuntu identifies as 18.04 in /etc/issue.net, while vanilla Ubuntu shows 18.04.1 - this is awkward since Dell policy seems to be to only update Ubuntu LTS when the .1 release is shipped - why does it then ship with non-18.04.1 out of the box?

I also had a look at the custom package sources configured (in /etc/apt/sources.list.d) and the differences in installed apt packages. There is a bunch of dell-* packages installed on the dell system that are not available on the dell Apt Repo, which is very awkward, where do these packages come from and how would they get updated?

So far, the system with vanilla Ubuntu seems to be running well, so I'll probably go with that for now.

It would still be nice for someone from Dell maybe chime in here and comment on the bug and whether it will be fixed, I think this issue is pretty severe.

0 Kudos