LockBox 1.0

LockBox is one of the most recent additions to the DistroWatch database. LockBox (sometimes referred to as LBX) is a Linux distribution derived from Ubuntu and elementary OS. It is especially intended for storing and managing cryptocurrencies. It includes several hardened configuration changes for security purposes, a highly restrictive firewall setup, several applications designed for data backups, a password manager, and the Brave Internet browser. LockBox is available for x86_64 machines exclusively and its install media is 3.4GB in size.
In a curious case of life imitating art, the LockBox website currently describes the project using a quote from the DistroWatch information page about the distribution.
One of the first things I discovered about the distribution is LockBox will not boot in Legacy BIOS mode. A boot menu will appear and begin a countdown from five seconds. When the countdown reaches zero, or when we select any of the boot options, the counter simply resets to five seconds again. The boot menu offers to let us "Try or install elementary OS" or "Check disks for defects" and both options simply reset the boot menu counter. When trying to launch the distribution in UEFI mode, only the Try/Install option is presented and choosing it boots the distribution's live environment.
When the live system boots we are shown a graphical window where we can choose our preferred language from a list. We are given the choice to try the live desktop, which loads the Pantheon desktop. Alternatively we can launch the system installer. I'll talk about the Pantheon desktop later in this review.
LockBox 1.0 -- The Pantheon application menu
LockBox makes use of the Ubiquity system installer. It's a friendly, graphical installer that should be familiar to anyone who has used a member of the Ubuntu family of distributions. Ubiquity does a fine job of getting our keyboard layout and time zone, setting up a username and password for us, and partitioning the hard drive. Both guided and manual partitioning options are available and I find them quite easy to navigate. Ubiquity worked well and offered to restart the computer for me when it finished.
The only thing that stood out during the install process was, like many Ubuntu-based distributions, LockBox offers us the option of installing third-party software such as media codecs and wireless support. On this screen there is an option to toggle downloading package updates during the install process. This option is toggled on and the control disabled, preventing us from turning off the download option.
LockBox boots to a graphical login screen. Signing into my account brought up the Pantheon desktop. A thin panel is placed at the top of the screen and a dock holding web browsers and a few other applications sits at the bottom of the display. The top panel holds an application menu, clock, and system tray.
Once the desktop finishes loading a welcome window appears. The greeter offers to link us to online support options. Clicking these links opens a web browser and connects to the elementary OS documentation and support resources. The welcome window then offers to enable nightlight support (to adjust the screen colour during different times of the day). The wizard then offers to delete temporary files on the system, which I found odd since I'd just started using the distribution so there shouldn't have been any temporary files to remove yet.
The final two screens of the welcome window offer to launch the distribution's software centre and open the system settings panel. The welcome text refers to the distribution as elementary OS, something most of the screens and tools included with the distribution do, so the LockBox team haven't spent much time rebranding their project.
Soon into my experience with the distribution a notification appeared in the upper-right corner of the screen letting me know new package updates were available. Clicking this notification while it was on the desktop would open the software centre and show a list of available updates. However, if I ignored the notification at first, waiting until it disappeared, I could then click on the notification icon in the system tray to see the same information. I found clicking the entry in the system tray notification widget simply cleared the entry and did not open the software centre.
LockBox ships with several web browsers. The Chromium browser is installed along with the Epiphany browser. Then there are two privacy-focused browsers: Brave and LibreWolf. LibreWolf is a privacy-focused fork of Firefox and is a browser I haven't previously found installed by default on a Linux distribution.
The distribution also includes a news feed reader, an e-mail client, the KeePassXC password manager, and a photo viewer. The distribution also ships with the Music and Videos tools provided by elementary OS. The Gufw firewall tool is included along with the elementary file manager.
LockBox includes a nice settings panel for adjusting the look and behaviour of the Pantheon desktop. Manual pages are included along with the GNU Compiler Collection, the systemd init software, and version 5.4 of the Linux kernel.
I was surprised at first to find software included in LockBox is a bit on the older side. The GNU compiler, for example, was at version 7 which is about two years old. Likewise Linux 5.4 is about two years old at the time of writing. I discovered this is due to LockBox being based on elementary OS 5 "Hera" rather than the more recent release of elementary OS 6 "Odin". In short, most software included on the distribution will likely be close to two years old.
There were a handful of applications I felt stood out during my trial. For instance, this is the first distribution I can remember using that includes the Vorta backup application. This is a front-end desktop tool for creating backup archives and transferring them to remote servers. Vorta has a nice interface with simple, clear options and it feels like a good solution for people who want to schedule and transmit backups over OpenSSH to remote computers.
LockBox is unusual in that it ships with strict firewall rules. It not only blocks all incoming network connections (which is fairly common), it also blocks many outgoing connections. Web traffic is permitted to leave the system, but most other network protocols are blocked. Looking at the Gufw firewall utility we can see the default rules are to block all incoming traffic and all outgoing traffic too, apart from a few exceptions like connections to web servers. OpenSSH and most other network protocols are forbidden by the firewall unless we tweak the default rules. This is an interesting and unusual approach and it meant I had to add new firewall exceptions in order to log in to remote servers, send ping requests, and transfer backups.
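For readers who want to reproduce this kind of policy with ufw (the command line tool behind Gufw), here is an added example that is not taken from LockBox itself. The specific ports (53 for DNS, 80 and 443 for web, 22 for OpenSSH) are assumptions, since the default rule set is not listed in this review, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not LockBox's shipped rule set. Ports are assumptions.

# Baseline: drop traffic in both directions, then open DNS and web outbound.
baseline_rules() {
    cat <<'EOF'
ufw default deny incoming
ufw default deny outgoing
ufw allow out 53
ufw allow out 80/tcp
ufw allow out 443/tcp
EOF
}

# Extra outbound exception for SSH logins and backups sent over OpenSSH.
extra_rules() {
    printf '%s\n' 'ufw allow out 22/tcp'
}

# ufw's rule syntax has no ICMP protocol keyword, so outbound ping needs a raw
# iptables line in /etc/ufw/before.rules (above COMMIT), then "ufw reload".
ping_rule() {
    printf '%s\n' '-A ufw-before-output -p icmp --icmp-type echo-request -j ACCEPT'
}

# Print the plan, or run it when APPLY=1 is set in the environment.
plan() {
    { baseline_rules; extra_rules; } | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            # Unquoted on purpose: split into command and arguments.
            sudo $cmd </dev/null
        else
            echo "would run: $cmd"
        fi
    done
    echo "add to /etc/ufw/before.rules: $(ping_rule)"
}

plan
```

Run it as-is to print the plan; set APPLY=1 only on a machine where replacing the existing ufw policy is intended.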
Perhaps the most interesting item in LockBox's toolbox is OpenSnitch. When OpenSnitch is launched it monitors all network connection requests and pops up a window letting us know when new programs try to connect over the network. We are then given the chance to permit the network connection or block it. The main OpenSnitch window offers a number of tabs with the main one displaying a list of events. This list shows recent connection attempts and their result (allowed or denied). We can then explore the other tabs to see more information about network activity and adjust the rules OpenSnitch is enforcing.
For instance, I might find that my web browser is blocked from attempting to connect to a remote website once I launch OpenSnitch. I can see any outgoing browser requests that are being stopped in the Events tab. I can then switch to the Rules tab, click the browser's entry and toggle its rule to allow outgoing traffic. This will allow the browser to resume working.
LockBox 1.0 -- Using OpenSnitch to block the Brave browser
OpenSnitch is surprisingly user friendly and does a very nice job of organizing its traffic events, rules, and showing us which applications are allowed or blocked from accessing the network. The pop-ups from OpenSnitch when new programs want access to the Internet can get tedious after a while, but we only need to respond to each program's request once. OpenSnitch remembers our answer and applies our ruling automatically from then on.
The LockBox website mentions crypto tools and cryptocurrency at least twice on the front page. The project describes itself as "security + privacy + crypto" and later states: "Download, burn, and install your way to a more secure operating system for your crypto." So I was surprised when I could find no crypto software on the system. There were no cryptocurrency wallets, recovery tools, or mining utilities as far as I could see. Certainly none in the application menu and nothing came up when I checked the command line for common crypto programs.
When I began using LockBox it was in a VirtualBox instance. The distribution provided about average, or slightly worse than average, performance. The desktop resized automatically with the VirtualBox window and the system ran smoothly. When run on my laptop all my hardware was detected successfully, desktop responsiveness was excellent, and the distribution was stable.
Earlier I mentioned LockBox could boot in UEFI mode only and would not get past the boot menu when run in Legacy BIOS mode. This proved to be true when running both in the VirtualBox instance and on the laptop.
The distribution consumes about 550MB of memory when sitting idle at the Pantheon desktop. The distribution consumed about 18GB of hard drive space for the root filesystem. It also consumed a bit more disk for a swapfile which is automatically set up for us.
LockBox uses elementary OS's App Centre as its graphical package manager. This application is divided into two tabs, one for browsing available packages and one for viewing, removing, and updating existing applications. The software centre has a fairly simple layout that I found straightforward to navigate.
LockBox 1.0 -- Fetching updates with the software centre
LockBox pulls in software packages from Ubuntu's repositories, mostly. There are also some repositories set up for the Brave browser and the elementary OS project. As far as I can tell there aren't any repositories and PPAs specific to LockBox, which may explain why most of the artwork still says "elementary OS" on it.
I want to talk a bit about the project's stated goals and how well it accomplishes them. The LockBox website currently lists three objectives, which I'll list here along with my impressions.
Fast: Powered by elementary OS, the customized LockBox image has been stripped to bare necessities thus making it lightweight and seemingly fast.
I am divided on this claim. On the one hand, LockBox is fast, at least when running directly on my laptop. It's a little sluggish in a virtual machine, but if we focus on the real life hardware side of things then LockBox is indeed fast. However, the distribution is not at all stripped down or lightweight. In fact, a fresh install of LockBox is a massive 18GB (plus swap file) on the disk, easily three times larger than most mainstream Linux distributions. The memory consumption is about average, around 550MB. This puts LockBox in the medium to heavy range of Linux distributions, quite the opposite of being lightweight or stripped down.
Secure: LockBox is a custom secure operating system leveraging the power of a variety of open source security and privacy tools.
I definitely agree with this description. LockBox may be one of the most locked down (from a network perspective) and privacy-oriented distributions for general desktop use. Putting aside specialty distributions such as Tails or Qubes OS, I'd say LockBox is one of the better desktop distributions for network privacy. There could have been more done to add application sandboxing, beyond what AppArmor provides, which would help, especially with the web browsers. This would certainly lock down the distribution further. Still, I really like the networking customizations like the Gufw firewall rules. OpenSnitch is a great tool for monitoring and blocking specific applications and including privacy-focused browsers like Brave is a nice touch.
Easy: Download, burn, and install your way to a more secure operating system for your crypto.
This claim puzzles me as there doesn't seem to be anything crypto-oriented about the distribution. I didn't find any Bitcoin wallet, crypto-recovery tools, mining software, or even classic crypto tools like KGpg installed. I agree the distribution is easy to install and set up. I like the Ubiquity installer and the easy to navigate settings panel. I just don't see how the project relates to crypto.
I had mostly good impressions of LockBox. The operating system is easy to install, has a fairly friendly desktop environment, I like the settings panel, and Pantheon offers a fairly friendly experience. I'm not a fan of the desktop effects and some of the overly simplified default applications, but I can see why they would appeal to some people. Performance, at least on physical hardware, is good and the distribution can pull from the massive Ubuntu software repositories to add anything we need.
I'm a big fan of the OpenSnitch application. Having it installed and on the dock by default was a nice touch and I'm mostly happy about the strict firewall rules. I did need to open a few gaps in the firewall to allow me to ping and use OpenSSH, but otherwise I think the default "deny in/deny out" firewall policy with exceptions for web browsing is welcome. I also like that a range of web browsers are included, from the privacy-focused Brave to the lighter Epiphany, and the more mainstream Chromium.
There are a few things I didn't like about LockBox. One is that it's basically an older version of elementary OS. The repositories, software, desktop, and branding are all provided by elementary OS 5. The whole distribution feels like we could have accomplished the same thing by installing elementary and then adding a few web browser packages and firewall rules. I don't mind LockBox being close to its parent, but I do wonder if the project (and its users) might be better served with a newer base that will receive longer support. Users may also be confused as to why they installed LockBox, but it keeps calling itself elementary OS and they get directed to elementary documentation.
Finally, my last issue is that LockBox was pleasant enough to use, but its description on the website doesn't appear to match what the project is actually accomplishing. The goals of being stripped down, lightweight, and good for crypto are not reflected in this distribution. This feels like elementary OS with a few more browsers and network security tools, not something light, minimal, or crypto-oriented. In short, LockBox is a decent desktop distribution and has some good tools for the security-minded people of the world, but it feels like it has an identity crisis where what it sets out to be is not what it is.
* * * * *
Hardware used in this review
My physical test equipment for this review was a de-branded HP laptop with the following specifications:
Processor: Intel i3 2.5GHz CPU
Display: Intel integrated video
Storage: Western Digital 700GB hard drive
Memory: 6GB of RAM
Wired network device: Realtek RTL8101E/RTL8102E PCI Express Fast