Many people know TPM modules as the main requirement for Windows 11, which was also one of the main reasons why several older computers were not supported (at least officially) by Microsoft’s new operating system. But TPM is actually a hugely useful security feature in our computers. It’s a module that basically enhances the security and the privacy of your PC, something hugely useful given how online security seems to be more important than ever these days. If you use Ubuntu, though, you’re about to get another perk if you actually care about TPM — enhanced full-disk encryption.
Full-disk encryption has been present on Ubuntu for a long time, but up until this point it relied on passphrases for authenticated users. Those on Ubuntu Core, however, take a slightly different approach to full-disk encryption, with keys used to decrypt the encrypted data being protected by the TPM, thus not needing to rely on these passphrases. Since this approach has actually been fairly solid for Ubuntu Core, Canonical has been working towards bringing TPM-backed full disk encryption to regular Ubuntu Desktop systems as well. Now, this change is finally soon to land on customers — starting on Ubuntu 23.10, TPM-backed full disk encryption will be available as an experimental feature for those who want to try out, with the aim of bringing it to everyone sooner or later.
By using TPM-backed full disk encryption, users will also be protected of things such as “evil maid” attacks. Using a TPM module should, in general, make things more efficient, more secure, and overall better. For added security, you can even use a passphrase in addition to TPM. If you’re interested in reading through the many advantages TPM-backed full disk encryption has, you should definitely check out Ubuntu’s full blog post on the matter, as it brings you through the ins and outs of the “building blocks” of the feature and what it solves. But it’s a solid step forward as far as security goes.
The feature will be rolled out as an experimental feature, and you should try it out if you’re interested in giving it a spin. It’s not ready for primetime just yet, however, so you should definitely not use it on your daily driver unless you’re prepared to wipe your drive completely if something goes wrong.
Source: Ubuntu