Ubuntu 23.10 Adding Experimental TPM-Backed Full Disk Encryption

Written by Michael Larabel in Ubuntu on 7 September 2023 at 09:55 AM EDT. 49 Comments
UBUNTU
As an experimental feature for next month's Ubuntu 23.10 release, Canonical is introducing initial support for TPM-based full disk encryption to make use of your system's Trusted Platform Module (TPM). The downside though is this extra security relies on Snaps, including for the kernel and GRUB bootloader.

Canonical announced today that Ubuntu 23.10 will have experimental TPM-backed Full Disk Encryption support, complementing the existing full disk encryption support they have offered for years albeit without the TPM integration. This will work for classic Ubuntu Desktop systems included.


From initially offering eCryptfs-based home directory encryption to then complementing it with full disk encryption for Ubuntu desktops and servers, Ubuntu has supported various forms of disk encryption for years while now TPM-backed FDE is becoming available.


But sure to set some Ubuntu users off is this TPM-backed full disk encryption relies on their controversial Snaps packaging format for delivery. Today's announcement explains:
"TPM-backed FDE on classic Ubuntu Desktop systems is based on the same architecture as Ubuntu Core, and it shares a number of its design and implementation principles. Namely, the bootloader (shim and GRUB) and kernel assets will be delivered as snap packages (via gadget and kernel snaps), as opposed to being delivered as Debian packages. As such, it is the Snapd agent which will be responsible for managing full disk encryption throughout its lifecycle.

The bootloader logic includes boot mode selection and kernel selection, and is encoded in the GRUB configuration which is provided by Snapd, rather than being automatically generated on the device. Finally, we will make use of Unified kernel images, where the kernel and initramfs will be encapsulated in a single PE binary containing a small stub to execute the kernel. This will be signed as a single artefact."

Those wishing to learn more about this new full disk encryption option rolling out to Ubuntu Linux can find out the preliminary details on the Ubuntu blog.
49 Comments
Related News
Ubuntu 24.04 LTS Downloads Now Available
Ubuntu 24.04 Supports Easy Installation Of OpenZFS Root File-System With Encryption
Ubuntu 24.04 Beta Now Available For Testing
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Canonical Announces Ubuntu Pro For Devices
Netplan 1.0 Is Ready To Go For Ubuntu 24.04 LTS
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
GNOME Working To Make Key Rack A Viable Password Manager, Better Printing For Flatpaks