Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption
Ubuntu 23.10 daily builds keep getting exciting new additions!
Earlier we had covered the major PPA changes, and the new Flutter-based store (which also landed with the latest daily builds).
Now, we have yet another major change that is set to enhance the security of Ubuntu systems by changing how users handle the encryption of their disks (if enabled).
The initial support for the feature is set to arrive with Ubuntu 23.10 and will be improved in future Ubuntu releases.
Linuxiac:
- Ubuntu 23.10 to Introduce an Experimental TPM-Backed FDE
Trusted Platform Module (TPM) full disk encryption is a security technology that combines hardware and software to protect the data stored on a computer’s hard drive.
It is a hardware-based component, a microcontroller, that is typically integrated into a computer’s motherboard and provides various security-related functions, one of which is helping to secure encryption keys used for full disk encryption.
For the past 15 years, Ubuntu’s solution to full disk encryption has relied on the well-known Linux Unified Key Setup (LUKS), with users authenticated via passphrases. At the same time, on Ubuntu Core 20 and subsequent versions, full disk encryption has been implemented using trusted platform modules (TPMs).
Late coverage:
- Ubuntu Linux Will Add TPM-Backed Full-Disk Encryption
Many people know TPM modules as the main requirement for Windows 11, which was also one of the main reasons why several older computers were not supported (at least officially) by Microsoft's new operating system. But TPM is actually a hugely useful security feature in our computers. It's a module that basically enhances the security and the privacy of your PC, something hugely useful given how online security seems to be more important than ever these days. If you use Ubuntu, though, you're about to get another perk if you actually care about TPM — enhanced full-disk encryption.
Full-disk encryption has been present on Ubuntu for a long time, but up until this point it relied on passphrases for authenticated users. Those on Ubuntu Core, however, take a slightly different approach to full-disk encryption, with keys used to decrypt the encrypted data being protected by the TPM, thus not needing to rely on these passphrases. Since this approach has actually been fairly solid for Ubuntu Core, Canonical has been working towards bringing TPM-backed full disk encryption to regular Ubuntu Desktop systems as well. Now, this change is finally soon to land on customers: starting on Ubuntu 23.10, TPM-backed full disk encryption will be available as an experimental feature for those who want to try it out, with the aim of bringing it to everyone sooner or later.