Comment 4 for bug 2016912

Simon Quigley (tsimonq2) wrote (last edit ):

Hey sudodus, I realize I didn't explain myself very well!

This decision is after a *lot* of discussion and back/forth from Foundations and Security where we asked all these questions in detail. The specific person I spoke with has 20 years of experience with Linux Security (and the other is a GRUB maintainer).

The benefit of having *full* disk encryption is the idea of increased security. That's about it. The security impact is actually negligible, encrypted /boot takes 3x longer to boot, it doesn't have support for other keyboard layouts, and the icing on the cake is that we're actually relying on GRUB's built-in encryption algorithms, which aren't checked for vulnerabilities.

To quote the incredibly experienced member of the Security Team:
> IMHO it's hard to see value from encrypting the boot process: an attacker could replace either one just fine, right? That's where the signatures come in, but that really only helps if the measurements contribute to unsealing a key for the rest of the data, and I'm not sure that's really there for most platforms yet

If there's anything we failed to consider here, please say so. I just think that, unfortunately, we've had the wrong defaults for a while. Let me know if you have any questions.
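The quoted remark hinges on one mechanism: signatures and measurements only protect the data at rest if the boot-chain measurements feed into unsealing the disk key. The following is an added toy model of that binding, written to illustrate the comment; it is not code from the bug thread, from Ubuntu, or from GRUB. It simulates TPM-style PCR extends over a boot chain and a key that is sealed to the expected PCR value, using constructed sample components and a constructed key; every name in it (`extend`, `measure_chain`, `SealedKey`, `boot`) is an illustrative assumption, not a real TPM or GRUB API.

```python
"""Toy model of measured boot with a key sealed to PCR values.

Added illustration for the bug thread; not code from Ubuntu, GRUB, or a
real TPM stack. Components, digests and the disk key below are all
constructed sample data.
"""
import hashlib
import hmac
from typing import Iterable, Optional

# A PCR starts as all zeroes before the first extend (32 bytes for SHA-256).
PCR_INIT = bytes(32)

# Constructed stand-ins for the measured boot chain: firmware, the
# bootloader, and the kernel. A real chain measures the actual binaries.
TRUSTED_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]

# Constructed disk-unlock key (in practice a random key protected by the TPM).
DISK_KEY = hashlib.sha256(b"constructed-disk-key").digest()


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_pcr = H(old_pcr || H(component)).

    Order matters and nothing can be 'un-extended', which is what makes
    the final value a fingerprint of the whole chain.
    """
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components: Iterable[bytes]) -> bytes:
    """Extend a fresh PCR with every component in boot order."""
    pcr = PCR_INIT
    for comp in components:
        pcr = extend(pcr, comp)
    return pcr


class SealedKey:
    """A key that is only released when the presented PCR matches policy."""

    def __init__(self, key: bytes, expected_pcr: bytes) -> None:
        self._key = key
        self._expected_pcr = expected_pcr

    def unseal(self, pcr: bytes) -> Optional[bytes]:
        # Constant-time comparison of the measured PCR against the policy.
        if hmac.compare_digest(pcr, self._expected_pcr):
            return self._key
        return None


# Seal the disk key to the measurement of the trusted chain at install time.
SEALED = SealedKey(DISK_KEY, measure_chain(TRUSTED_CHAIN))


def boot(components: Iterable[bytes], sealed: SealedKey = SEALED) -> Optional[bytes]:
    """Measure the chain that actually booted and try to unseal the key.

    Returns the disk key when the measurements match the sealing policy,
    otherwise None (the encrypted data stays locked).
    """
    return sealed.unseal(measure_chain(components))


if __name__ == "__main__":
    # Unmodified chain: measurements match, the key is released.
    print("trusted chain unlocks:", boot(TRUSTED_CHAIN) == DISK_KEY)

    # A changed bootloader (any byte differs) changes every later PCR value,
    # so the policy no longer matches and no key is released.
    modified = [b"firmware-v1", b"bootloader-v1-modified", b"kernel-v1"]
    print("modified chain unlocks:", boot(modified) is not None)
```

The model shows why encrypting `/boot` by itself adds little: the release of the data key depends on whether the measured chain matches the sealing policy, not on whether the bootloader bytes sat in an encrypted partition. Without the measurement-to-unseal link the quoted comment describes, a changed boot component still boots and the key is still obtainable in the same way it was before.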