Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security

Written by Michael Larabel in systemd on 23 September 2021 at 06:23 AM EDT. 118 Comments
SYSTEMD
Most Linux distributions are currently coming up short from offering adequate security around full disk encryption and authenticated boot. Prominent Linux developer Lennart Poettering even argues that your data is "probably more secure if stored on current ChromeOS, Android, Windows or macOS devices."

Lead systemd developer Lennart Poettering wrote a lengthy blog post today around the state of authenticated boot and disk encryption on Linux. While many Linux distributions offer full-disk encryption, offer UEFI SecureBoot, and begun embracing TPMs, many of the technologies aren't being used to their best potential yet especially now by default / out-of-the-box.

Lennart's short summary of the situation is:
Linux has been supporting Full Disk Encryption (FDE) and technologies such as UEFI SecureBoot and TPMs for a long time. However, the way they are set up by most distributions is not as secure as they should be, and in some ways quite frankly weird. In fact, right now, your data is probably more secure if stored on current ChromeOS, Android, Windows or MacOS devices, than it is on typical Linux distributions.

In his blog post he outlines the current technologies, the issues at hand, and areas for improvement in improving authentication and providing better security.

There are some pull requests pending to the likes of systemd for better improving security, so that work still needs time to be upstreamed, but it will also depend upon Linux distribution vendors to begin making use of these features too when available. See Lennart's blog for all of the interesting technical details and current Linux shortcomings.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week