The issue reported here is that /boot is not encrypted in the supported
configurations. Which is meh - we don't have much authenticated
encryption, so boot can still be manipulated. Sealed TPM measurements
address the problem of verifying the bootloader, kernel, initrd, and the
configuration better. It does not provide security by obfuscation as
encryption does, but that obfuscation can be circumvented - you can
modify an encrypted boot partition and still get a working system - and
authenticated encryption that would also authenticate the content is not
stable yet.

I cannot say much on the other issue raised in recent comments on dual
boot setups not installing encrypted, but I fail to see how it's related
to this bug report.

I do want to point out that with devices now being sold with BitLocker
out of the box, you do have to disable BitLocker first to even get
the ability to install another OS, so I fail to see how that improves
the situation for dual boot users who need encryption.

But in any case, adding comments to bugs that are unrelated to the bug is
not really helpful; you end up with nobody knowing what people are
talking about anymore.

Hence my suggestion would be to open a new bug report against ubiquity
describing the dual boot setup issues so that that can be tracked on its
own and we don't have to discuss two bugs in one bug report.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1773457

Title:
  Full-system encryption needs to be supported out-of-the-box including
  /boot and should not delete other installed systems

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1773457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
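
Added example, not part of the original comment and not Ubuntu or GRUB code: a simulation of the sealed-measurement idea the comment refers to, showing that a change to any measured component (bootloader, kernel, initrd, configuration) changes the PCR value and keeps the sealed secret from being released. The component blobs, the single-PCR layout and the `SealedSecret` class are assumptions for illustration; a real TPM spreads measurements over several PCRs and enforces the policy in hardware.

```python
import hashlib
import hmac

PCR_SIZE = 32  # size of a SHA-256 bank PCR


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_boot(components) -> bytes:
    """Fold every boot component, in boot order, into one simulated PCR."""
    pcr = bytes(PCR_SIZE)  # a PCR is all zeroes after reset
    for _name, blob in components:
        pcr = extend(pcr, blob)
    return pcr


class SealedSecret:
    """Hypothetical stand-in for a TPM sealed object bound to a PCR value."""

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes):
        # The secret is released only if the measured state matches.
        if hmac.compare_digest(current_pcr, self._expected):
            return self._secret
        return None


def tamper(components, name: str, new_blob: bytes):
    """Return a copy of the boot chain with one component replaced."""
    return [(n, new_blob if n == name else b) for n, b in components]


# Constructed sample data; real measurements cover the actual binaries.
GOOD_BOOT = [
    ("bootloader", b"grub image (constructed)"),
    ("kernel", b"vmlinuz build A (constructed)"),
    ("initrd", b"initrd build A (constructed)"),
    ("config", b"linux /vmlinuz root=/dev/mapper/root ro"),
]
SECRET = b"disk unlock key (constructed)"
SEALED = SealedSecret(SECRET, measure_boot(GOOD_BOOT))

if __name__ == "__main__":
    for target in ("bootloader", "kernel", "initrd", "config"):
        state = measure_boot(tamper(GOOD_BOOT, target, b"modified"))
        print(target, "modified ->", SEALED.unseal(state))
    print("unmodified ->", SEALED.unseal(measure_boot(GOOD_BOOT)))
```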
