24.04: installer, disk encryption, power management: ubuntu going backwards in big steps?
Oliver Grawert
ogra at ubuntu.com
Wed Sep 11 12:47:05 UTC 2024
hi,
Am Mittwoch, dem 11.09.2024 um 14:10 +0200 schrieb Josef Wolf:
>
> 1. This will create an UNENCRYPTED /boot partition. This is not
> exactly "full
> disk encryption"
If you want FDE with encrypted /boot and all, you will need to pick the
"hardware-backed" encryption option in the installer ... but note that
this heavily depends on your UEFI settings and that all the TPM options
in it are correctly set in advance of the install ... there is some
discussion around it at:
https://discourse.ubuntu.com/t/tpm-backed-full-disk-encryption-is-coming-to-ubuntu-discussion/38507/61
(there are also still some limitations for using third party drivers in
this setup as the kernel as well as bootloader come as GPG signed
readonly snap packages, this limitation will likely be solved soon with
the enablement of snap components which will allow additional modules
to be handled in the kernel snap easily but is not ready yet)
ciao
oli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20240911/6f230966/attachment.sig>
More information about the ubuntu-users
mailing list