Updated: 27/06 with some additional notes on using fscrypt
Not cut out to be a Mac owner
Recently I started some contract software development work. As my ThinkPad x200 is getting a bit long in the tooth I was in the market for a laptop for work. After working on Macs for the past 5 years I initially bought a new MacBook Pro 13 inch (with touchbar), however the purchase experience all went a bit awry. Firstly the delivery went missing and after an investigation from the delivery firm I was informed “the driver no longer works for us, the package is irrecoverable”. Apple kicked off their own process. Customer service from Apple was quite disappointing; it took them a good few days after the delivery company told me the package was irrecoverable before they dispatched a replacement.
Secondly, Apple had in the meantime announced a refresh with improvements to the MBP keyboard. After all those delivery issues and leaving me waiting for my replacement I received an already old model. At this point I realised I’m happy to be a Mac user but perhaps not cut out to be an owner.
Looking elsewhere I decided to return the MBP and ordered a new XPS 13: it’s the right form factor (albeit wrong aspect ratio), no longer has a nosecam and should run Linux well. They sell a version with Ubuntu preinstalled after all.
Dell XPS 13 - 9380
I went for a standard option with 1080p screen but upped the RAM to 16GB, this was available with fast delivery. Models with Ubuntu preinstalled would have taken a while longer to arrive. As I needed the laptop for work which had already begun that wasn’t really an option.
The keyboard on the XPS 13 is nice, it has decent key travel and an escape key.
Unfortunately the keyboard I received had an issue where the left side corner of the spacebar was a bit mushy and unresponsive. This appears to be a common issue.
As the laptop came with a year’s premium support I phoned Dell and within 2 working days an engineer had visited me and replaced the keyboard. The issue is no longer present \o/
Once the laptop arrived I downloaded Ubuntu to a USB stick, rebooted to the installer and couldn’t see the hard drive, huh.. 🤔
Turns out the NVMe drive in the XPS ships in RAID compatible mode. I’m not sure why but it has been an issue for people looking to install Linux on older models for a while now. The fix (toggling an option in the BIOS) breaks the preinstalled Windows.
During the Ubuntu install I noticed the option to encrypt the home directory is no longer available. This decision was taken in ubuntu#1756840 - I’m sure it wasn’t taken lightly. If software which performs such an important role can be described as buggy and under-maintained I’m pleased the Ubuntu team took the decision to remove it.
In the past I’ve struggled a bit with LUKS and from what I’ve read about block level encryption on NVMe drives I didn’t fancy giving it a try. I don’t want to be left compiling my own kernels.
Once Ubuntu was installed I looked into alternative encryption options. Given I’d also partitioned a single / partition fscrypt looked like the
- Integrates with PAM to unlock files at login
- It’s an active project out of Google
- It’s written in Go so I’m more likely to understand its internals
Once configured, directory contents are encrypted; this looks something like this
These excellent clear instructions on setting up fscrypt worked for me with a couple of caveats:
- I didn’t rm -rf the backup immediately! I left it around for a couple of reboots… just in case.
- I had to reboot after enabling encryption on my ext4 device before configuring fscrypt.
I’m curious if we’ll see fscrypt /home/$USER encryption as an option in future
OUTSTANDING “Linux on the desktop” issues
It’s still early days with the XPS 13 for me and I’m already following a couple of issues on Launchpad and waiting for fixes to make their way upstream into the kernel.
Missing bluetooth after sleep ubuntu#1799988 - it looks like a fix is on its way for this.
Occasionally I’m seeing a flicker on the screen. I’ve only noticed it on Ubuntu since I switched to using Wayland but I haven’t tried to debug further yet, the flicker is brief and only slightly distracting. My reckon is that it’s to do with Intel Graphics on Wayland.
With all these issues considered I still have to say it’s a great laptop and I’m really happy with it.
Additional notes on fscrypt (27/06/2019)
Some things which I didn’t figure out immediately after setting up my laptop with fscrypt have popped up and are worth noting. First I had an issue with Firefox failing to download files; I was happily working around this and figured it would be patched quickly. The second issue was with Docker volumes, which gave the game away. After rebooting my laptop and restarting some Docker containers which had persistent volumes I noticed errors. After opening a shell in the container it was quickly clear the volume was mounted while still encrypted using fscrypt.
The version of fscrypt shipped in Linux kernels below 5.1 has behaviour where any attempt to move (e.g. using mv) unencrypted data into an encrypted folder will fail. In a recent commit the error returned from the kernel changed. This tells tools (such as mv) to take a different action: instead of renaming, they copy the contents to a new file.
I highly recommend taking a read of that commit message as it’s extremely well written and helped me understand what was going on within the kernel. It has also left me considering the power operating systems have with regards to how we interact with data and ingraining habits (both good and bad) over time.
This Firefox launchpad bug has confirmation that the issue goes away when running a kernel >=5.1. I’m hoping for something similar with the docker volume issue I’ve been seeing, but suspect that may be working a bit differently.
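The rename-then-copy fallback described above, as an added example that is not code from this post, from coreutils or from the kernel: `move` copies only when the rename fails with EXDEV, and a stubbed rename stands in for the kernel so it runs without an fscrypt directory. The errno values are taken from the upstream kernel change (EPERM before 5.1, EXDEV from 5.1) and are not named in the post; the function and file names are constructed for illustration.

```python
import errno
import os
import shutil
import tempfile


def move(src, dst, rename=os.rename):
    """Move src to dst as mv does: rename first, copy only on EXDEV."""
    try:
        rename(src, dst)
        return "renamed"
    except OSError as exc:
        if exc.errno != errno.EXDEV:
            raise  # EPERM etc. are real failures; the caller sees the error
    # EXDEV means "cannot be done as a rename": write a new file instead.
    # A file created inside the encrypted directory is encrypted on write.
    partial = dst + ".partial"
    shutil.copy2(src, partial)
    os.replace(partial, dst)  # same directory, so this rename succeeds
    os.unlink(src)
    return "copied"


def refusing_rename(err):
    """Constructed stand-in for the kernel refusing the cross-policy rename."""
    def _rename(src, dst):
        raise OSError(err, os.strerror(err), src)
    return _rename


def demo(err):
    """Return (outcome, destination exists, source still exists)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "download.part")  # unencrypted source
        dst_dir = os.path.join(tmp, "encrypted-home")  # plays the fscrypt dir
        dst = os.path.join(dst_dir, "download.bin")
        os.mkdir(dst_dir)
        with open(src, "wb") as fh:
            fh.write(b"constructed sample data")
        try:
            outcome = move(src, dst, rename=refusing_rename(err))
        except OSError as exc:
            outcome = "failed: " + errno.errorcode[exc.errno]
        return outcome, os.path.exists(dst), os.path.exists(src)


if __name__ == "__main__":
    print("kernel < 5.1 :", demo(errno.EPERM))
    print("kernel >= 5.1:", demo(errno.EXDEV))
```

An application that treats every rename error as fatal, rather than checking for EXDEV, will still fail on a newer kernel.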