Can anyone speak as to why TrueCrypt/VeraCrypt are such difficult projects but the built-in disk encryption used in Ubuntu/Mint isn't? Seems like everyone accepts that the Ubuntu/Mint FDE is fine and secure and yet it gets no attention.
The "built-in disk encryption used in Ubuntu/Mint" is simpler for three reasons:
1. All the crypto stuff is done by the kernel and hence they are not responsible for it.
2. Most of the work that goes into setting up the kernel to manage an encrypted drive is done by a tool called cryptsetup and they are not responsible for it.
3. The part they are responsible for lives entirely in the root's space and hence they are not susceptible to security issues that arise when trying to cross a privileged user/unprivileged user boundary.
The reason why TrueCrypt/VeraCrypt on Windows specifically have so many problems is because they are doing everything themselves.
They have fewer problems on Linux because they delegate user data encryption/decryption to the kernel and they cross from normal user privileges to root's privileges using sudo.
I appreciate the response. I am not sure I understand the parts about "root's space" and crossing between privileges; it seems like this isn't relevant with FDE?