answered
2015-10-23 03:47:23 +0200
little workaround i just tried:
/dev/mapper/sdcard /home/nemo/crypt ext4 defaults,noatime,user,noauto 0 0
sudo /usr/sbin/cryptsetup open /dev/mmcblk1 sdcard --type plain
mount /dev/mapper/sdcard
sudo /bin/chown nemo /home/nemo/crypt
umount /home/nemo/crypt
sudo /usr/sbin/cryptsetup close sdcard
- install sudo and edit
/etc/sudoers
:
nemo ALL=NOPASSWD: /usr/sbin/cryptsetup close sdcard
nemo ALL=NOPASSWD: /usr/sbin/cryptsetup open /dev/mmcblk1 sdcard --type plain
nemo ALL=NOPASSWD: /bin/chown nemo /home/nemo/crypt
there you are! More a hack than a solution, but this will protect your photos.
PS: this comes with absolutely no warranty, do not just copy+paste!
see also keychain linked to TOH & link all/previous changes to TOH
AL13N ( 2013-12-26 01:45:17 +0200 )editThis should be fairly easy, as Linux already has all these LUKS/dmcrypt and eCryptFS stuff done. It might however need more CPU and thus consume battery. Maybe better put it as an option users can choose it they want to.
Please add tag 'securiity'
otto ( 2013-12-26 23:34:48 +0200 )editBesides home directory ecryption, also include option to encrypt SD card contents. That would be something that not even Android supports yet. And please use some standard Linux crypto so that the SD card can be mounted and opened without the original phone.
otto ( 2013-12-26 23:36:42 +0200 )edit@otto this isn't as easy as one might think, because there's a lot of catch 22's here... order of services becomes important, etc... in theory all elements are available, but i can guarantee that alot of time will be spent in order to combine it into "1 feature"
AL13N ( 2013-12-26 23:38:28 +0200 )editLooking at the locked bootloader shitstorm today, we need encryption ASAP to allow the boot loader opened again: vote, vote, vote!
We must not loose any more developers!
ortylp ( 2013-12-28 13:25:13 +0200 )edit