Summary
Yunohost needs to offer disk encryption to the masses.
Problem
I see no docs or FAQ about disk encryption. If your Raspberry holds all your valuable data and somebody steals it, he’ll have it all!
OTOH, if you are not careful, you could lose it yourself.
Solution
Yunohost should offer disk encryption. Encrypting data should be enough. Behind the scenes it could use a partition, or could create a block device and mount it (if partitioning is too much).
UX
When encrypting, the UI would ask you for a password or let you plug in an USB to be used as decryption key. Also it would ask you size, and tell you the pros and cons in an Understandable way.
When blocked, the UI would display a message asking your encryption password or telling you to plug in your security USB drive.
Another UI should let you modify the password or USB drive.
Alternatives
No encryption. Not a good one, though. Current situation.
This is I think a quiet complex question.
On my side, I encrypted 2 disks on my server (root and data, backups are not on an encrypted disk but are encrypted on their own), but I did this manually.
You can not know in advance how YunoHost will be used, on which hardware, with how many disks, the importance of each disk, the access the admin have on the machine, etc…
For exampje, for a few years, I had a backup server as a raspi + external HDD at my father’s house.
In this case, the root partition should not be encrypted because I would have no way to enter the password on boot.
In my current state, 2 out of 4 disks need encryption (no need to encrypt twice).
If you only have 1 disk and want to encrypt it, there is no way to have a web interface to enter the password as the web servers are on this disk and decryption is needed to have them.
So I think that this is way too complicated and dependant on the use cases to have a standard implementation
Indeed, and as the devs are already overloaded with work, everyone is welcome to contribute to the documentation (including you ).
As for the automation of the server encryption, I don’t know. This would be awesome indeed. But that’s so complex to implement and there is so much corner case (e.g. depending of the hardware, you have different kernel versions)
The project https://internetcu.be/ (basically Yunohost + vpnclient + hotspot on Lime 1/2) was offering the possibility to do an installation with full disk encryption (you could unlock your Yunohost via a web page), but it’s no longer supported. The maintainers got some big issues with a major upgrade of the Linux sunxi kernel.
So some work has already been done in the past to achieve this (only for the lime 1 and 2), but it’s not sufficient to want it to happen, people have too give a considerable amount of time to implement this and most importantly to maintain it (or the lambda user could have a broken system that won’t even startup anymore).
I think (never tested this) that there is a way to put the encryption key on an usb stick.
But if the stick stay plugged in the computer, stealing the computer means tsealing your datas.
There is some articles explaining how to set up Ubuntu to enable remote FDE unlocking via SSH (like this one). I don’t know if it works with Debian (probably), Armbian and/or Raspbian.
A simple way to get a system with disk encryption, is to setup debian with disk encryption (you can choose lvm encryption in partition step). Next you turn into yunohost your debian via the install script.
It allow you to uncrypt your server with a simple keyboard, no need of screen, just type your passphrase 20s after booting.
If you want to give your passphrase via ssh or a webpage, it’s more complex.
What about using stacked filesystem encryption? It would work regardless of the filesystem structure beneath it, it wouldn’t leave the system unbootable, and it would be able to leave yunohost in a “my services are stopped because I’m waiting for the admin to enter the unseal password” state.
The way I do FDE on my server is I have a Raspberry Pi Zero connected to the server via USB. The Pi emulates a USB keyboard, so I can SSH into the Pi to enter my password into the server.
You should use dropbear-initramfs. With cryptsetup to unlock the fullencrypted root system by ssh. But I was thinking on an initramfs tiny web server to create a small webpage and ask for the encryption passphrase via web. The problem was security.
I have a step by step to make it available on an odroid xu4 but each time I update the system I run I’m trouble.
PS my plan was more obscure as the end. I plan to put yunohost in a lxc VM. Which is hosted on a ceph volume. But I have no time for that. And more project abandon 32bits arch.
As I am a noob, the 2 encrypted disks use different ways…
The internal disk is crypted via LVM, the external via Cryptsetup (and the backup disk is not, but borg crypt the data on it’s own)
Hi lvm is not an encryption tool but a logical volume manager. To simplify it is a software that do the same as hardware RAID. It concatenate or divide disks in virtuals disks.
).