document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

选题[news]: 20230908 Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption

Browse Source 
sources/news/20230908 Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption.md
This commit is contained in:
DarkSun 2023-09-09 05:08:11 +08:00
parent 82475db5c5
commit 3008bc4018
1 changed files with 90 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

90
sources/news/20230908 Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption.md Normal file
View File

@ -0,0 +1,90 @@
[#]: subject: "Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption"
[#]: via: "https://news.itsfoss.com/ubuntu-23-10-disk-encryption/"
[#]: author: "Sourav Rudra https://news.itsfoss.com/author/sourav/"
[#]: collector: "lujun9972/lctt-scripts-1693450080"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption
======
Moving forward, Ubuntu will let you utilize TPM-backed Full Disk
Encryption. But, is this something you would like?
Ubuntu 23.10 daily builds keep getting exciting new additions!
Earlier we had covered the [major PPA changes][1], and the new [Flutter-based store][2] (which also landed with the latest daily builds).
Now, we have yet another major change that is set to enhance the security of Ubuntu systems; by changing how users handle the encrypting of their disks (if enabled).
The initial support for the feature is set to arrive with Ubuntu 23.10 and will be improved in future Ubuntu releases.
**Suggested Read** 📖
![][3]
### Ubuntu 23.10: TPM-backed Full Disk Encryption
![][4]
Introduced as **an experimental feature** , TPM-backed Full Disk Encryption (FDE) is a major change from how Ubuntu has been handling FDE for the past 15 years.
**In the existing system** , a passphrase mechanism was in place, that would authenticate users by accepting a user-set phrase that would then be used to provide access to the disk.
All of this was made possible due to the integration of the **[Linux Unified Key Setup][5]** (LUKS) framework, which handles disk encryption at the block level.
**With the TPM-backed system** , the TPM chip on your motherboard will be used to provide full disk encryption, doing away with the need for a passphrase.
The **chip will handle the decryption of the secret key** that locks the full EFI state, and the kernel command line. That is only possible when the device boots with software that has been defined as ' **authorized** ' to access confidential data.
📋
TPM stands for [Trusted Platform Module][6].
**But, there's a catch.**
TPM-backed FDE is based on the [same architecture][7] as [Ubuntu Core][8], this has resulted in the sharing of many key components that are **delivered as snap packages**. So, things such as the **bootloader** (shim/GRUB) and **kernel assets** are delivered via snap.
Luckily, this new **TPM-backed FDE is not the only way of encrypting disks**. The **conventional passphrases system will still be in place** , for those who don't want to use the new system.
Users can also use the new system alongside passphrases to further bolster their security.
For technical details on how TPM-backed disk encryption works, I suggest you go through Ubuntu's [official blog][9] post.
**Interested in testing this out?** 🤔
🚧
Testing any experimental feature could result in total data loss. So, try it at your own risk.
Well, TPM-backed FDE has been rolled out into the [**daily builds**][10] of **Ubuntu 23.10** , you just have to set it up during installation as shown in the screenshot in the article.
The new FDE option is available under ' **Advanced Features** ' during the selection of the type of install on the Ubuntu installer.
_💬 What do you think of this new experimental feature? Share your thoughts in the comments below._
* * *
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-23-10-disk-encryption/
作者:[Sourav Rudra][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/sourav/
[b]: https://github.com/lujun9972
[1]: https://news.itsfoss.com/ubuntu-23-10-ppa/
[2]: https://news.itsfoss.com/ubuntu-23-10-ubuntu-store/
[3]: https://news.itsfoss.com/content/images/size/w256h256/2022/08/android-chrome-192x192.png
[4]: https://news.itsfoss.com/content/images/2023/09/Ubuntu_23.10_TPM_FDE.png
[5]: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
[6]: https://en.wikipedia.org/wiki/Trusted_Platform_Module
[7]: https://ubuntu.com/core/docs/uc20/full-disk-encryption
[8]: https://ubuntu.com/core
[9]: https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu
[10]: https://cdimage.ubuntu.com/daily-live/current/