TPM-backed full disk encryption is coming to Ubuntu

Based on Ubuntu Core’s FDE design, we have been working on bringing TPM-backed full disk encryption to classic Ubuntu Desktop systems as well, starting with Ubuntu 23.10 (Mantic Minotaur) – where it will be available as an experimental feature. This means that passphrases will no longer be needed on supported platforms, and that the secret used to decrypt the encrypted data will be protected by a TPM and recovered automatically only by early boot software that is authorised to access the data. Besides its usability improvements, TPM-backed FDE also protects its users from “evil maid” attacks that can take advantage of the lack of a way to authenticate the boot software, namely initrd, to end users.

I’m not well-versed enough on this topic to make any meaningful comments, other than as long as it’s a choice presented to users, it seems like a good thing.


  1. 2023-09-08 12:53 am
  2. 2023-09-08 2:13 am
    • 2023-09-08 3:38 am