for privacy and security reasons oem-config should allow to change security key for disk encryption by the end-user

Bug #1842187 reported by Norbert on 2019-08-31
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oem-config (Ubuntu)
ubiquity (Ubuntu)

Bug Description

Steps to reproduce:
1. Install the Ubuntu in OEM mode with Encryption and LVM (*passphrase1* was entered, it is known by administrator or manufacturer)
2. Boot installed system with temporary OEM account
3. Click "Prepare for shipping to end user" icon on desktop
4a. Ship device to the end user forgetting to give him/her the *passphrase1*.
4b. Ship device to the end user with *passphrase1* (which really secret) written in somewhere

Expected results:
User is able to boot device without encryption and then set his/her own *passphrase* on first boot via OEM Config wizard

Actual results:
a. user can't decrypt drive if he/she do not know the *passphrase1*
b. user can decrypt the drive with known *passphrase1* but is concerned that someone else knows it.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers