mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
Merge pull request #30067 from lujun9972/add-MjAyMzA5MDggVWJ1bnR1IDIzLjEwIHRvIEZlYXR1cmUgRXhwZXJpbWVudGFsIFRQTS1iYWNrZWQgRnVsbCBEaXNrIEVuY3J5cHRpb24ubWQK
自动选题[news]: 20230908 Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption
This commit is contained in:
commit
fd7d51b781
@ -0,0 +1,90 @@
|
|||||||
|
[#]: subject: "Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption"
|
||||||
|
[#]: via: "https://news.itsfoss.com/ubuntu-23-10-disk-encryption/"
|
||||||
|
[#]: author: "Sourav Rudra https://news.itsfoss.com/author/sourav/"
|
||||||
|
[#]: collector: "lujun9972/lctt-scripts-1693450080"
|
||||||
|
[#]: translator: " "
|
||||||
|
[#]: reviewer: " "
|
||||||
|
[#]: publisher: " "
|
||||||
|
[#]: url: " "
|
||||||
|
|
||||||
|
Ubuntu 23.10 to Feature Experimental TPM-backed Full Disk Encryption
|
||||||
|
======
|
||||||
|
Moving forward, Ubuntu will let you utilize TPM-backed Full Disk
|
||||||
|
Encryption. But, is this something you would like?
|
||||||
|
Ubuntu 23.10 daily builds keep getting exciting new additions!
|
||||||
|
|
||||||
|
Earlier we had covered the [major PPA changes][1], and the new [Flutter-based store][2] (which also landed with the latest daily builds).
|
||||||
|
|
||||||
|
Now, we have yet another major change that is set to enhance the security of Ubuntu systems; by changing how users handle the encrypting of their disks (if enabled).
|
||||||
|
|
||||||
|
The initial support for the feature is set to arrive with Ubuntu 23.10 and will be improved in future Ubuntu releases.
|
||||||
|
|
||||||
|
**Suggested Read** 📖
|
||||||
|
|
||||||
|
![][3]
|
||||||
|
|
||||||
|
### Ubuntu 23.10: TPM-backed Full Disk Encryption
|
||||||
|
|
||||||
|
![][4]
|
||||||
|
|
||||||
|
Introduced as **an experimental feature** , TPM-backed Full Disk Encryption (FDE) is a major change from how Ubuntu has been handling FDE for the past 15 years.
|
||||||
|
|
||||||
|
**In the existing system** , a passphrase mechanism was in place, that would authenticate users by accepting a user-set phrase that would then be used to provide access to the disk.
|
||||||
|
|
||||||
|
All of this was made possible due to the integration of the **[Linux Unified Key Setup][5]** (LUKS) framework, which handles disk encryption at the block level.
|
||||||
|
|
||||||
|
**With the TPM-backed system** , the TPM chip on your motherboard will be used to provide full disk encryption, doing away with the need for a passphrase.
|
||||||
|
|
||||||
|
The **chip will handle the decryption of the secret key** that locks the full EFI state, and the kernel command line. That is only possible when the device boots with software that has been defined as ' **authorized** ' to access confidential data.
|
||||||
|
|
||||||
|
📋
|
||||||
|
|
||||||
|
TPM stands for [Trusted Platform Module][6].
|
||||||
|
|
||||||
|
**But, there's a catch.**
|
||||||
|
|
||||||
|
TPM-backed FDE is based on the [same architecture][7] as [Ubuntu Core][8], this has resulted in the sharing of many key components that are **delivered as snap packages**. So, things such as the **bootloader** (shim/GRUB) and **kernel assets** are delivered via snap.
|
||||||
|
|
||||||
|
Luckily, this new **TPM-backed FDE is not the only way of encrypting disks**. The **conventional passphrases system will still be in place** , for those who don't want to use the new system.
|
||||||
|
|
||||||
|
Users can also use the new system alongside passphrases to further bolster their security.
|
||||||
|
|
||||||
|
For technical details on how TPM-backed disk encryption works, I suggest you go through Ubuntu's [official blog][9] post.
|
||||||
|
|
||||||
|
**Interested in testing this out?** 🤔
|
||||||
|
|
||||||
|
🚧
|
||||||
|
|
||||||
|
Testing any experimental feature could result in total data loss. So, try it at your own risk.
|
||||||
|
|
||||||
|
Well, TPM-backed FDE has been rolled out into the [**daily builds**][10] of **Ubuntu 23.10** , you just have to set it up during installation as shown in the screenshot in the article.
|
||||||
|
|
||||||
|
The new FDE option is available under ' **Advanced Features** ' during the selection of the type of install on the Ubuntu installer.
|
||||||
|
|
||||||
|
_💬 What do you think of this new experimental feature? Share your thoughts in the comments below._
|
||||||
|
|
||||||
|
* * *
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://news.itsfoss.com/ubuntu-23-10-disk-encryption/
|
||||||
|
|
||||||
|
作者:[Sourav Rudra][a]
|
||||||
|
选题:[lujun9972][b]
|
||||||
|
译者:[译者ID](https://github.com/译者ID)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]: https://news.itsfoss.com/author/sourav/
|
||||||
|
[b]: https://github.com/lujun9972
|
||||||
|
[1]: https://news.itsfoss.com/ubuntu-23-10-ppa/
|
||||||
|
[2]: https://news.itsfoss.com/ubuntu-23-10-ubuntu-store/
|
||||||
|
[3]: https://news.itsfoss.com/content/images/size/w256h256/2022/08/android-chrome-192x192.png
|
||||||
|
[4]: https://news.itsfoss.com/content/images/2023/09/Ubuntu_23.10_TPM_FDE.png
|
||||||
|
[5]: https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
|
||||||
|
[6]: https://en.wikipedia.org/wiki/Trusted_Platform_Module
|
||||||
|
[7]: https://ubuntu.com/core/docs/uc20/full-disk-encryption
|
||||||
|
[8]: https://ubuntu.com/core
|
||||||
|
[9]: https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu
|
||||||
|
[10]: https://cdimage.ubuntu.com/daily-live/current/
|
Loading…
Reference in New Issue
Block a user