• Ubuntu 23.10 focuses on stronger security.
• It also includes smoother app discovery processes.
• In advance of next year’s bigger update, Ubuntu 23.10 offers a surprising amount of additional refinement.
On October 12th, Canonical announced the release of Ubuntu 23.10.
It’s not exactly “lines around the Apple store” time, but for a very focused group of people, it’s an announcement of similar stature.
Ubuntu 23.10 (available to download here) brings enhanced security and, in this iteration, significantly streamlined app discovery.
The need for passphrases has been reduced by a boost in device encryption, which includes preview support for TPM-backed full disk encryption. In addition, the release limits unprivileged user namespaces to mitigate vulnerability risks.
Ubuntu 23.10, codenamed “Mantic Minotaur,” will feature a range of fresh benefits for users. For instance, hardware options have been increased, with the addition of support for the Raspberry Pi 5 and SiFive HiFive Pro P550. The release will also simplify fleet management through streamlined network configuration and enhanced Active Directory integration.
What’s more, a new App Centre will become available on Ubuntu Desktop. That brings together access to snap and deb packages (two common package formats for software on Ubuntu), along with comprehensive metadata. This metadata makes it easier to find and identify reliable and trustworthy software, simplifying the process of discovering and installing software on Ubuntu.
With Ubuntu 24.04 LTS due for release in April 2024, Ubuntu 23.10 lays the groundwork for further enhancements.
Improved Security And Encryption/Decryption Methods
Oliver Smith, senior product manager for Ubuntu at Canonical, said “In this release, we’ve raised the bar for what secure by default means for Ubuntu, and set the stage for our next Long Term Supported release.
“We’re excited for users to test our preview hardware-backed disk encryption key storage on Ubuntu Desktop, alongside the new App Center, which makes it easier than ever to find the software you need,” he added.
Ubuntu’s “hardware-backed disk encryption key storage” will use a motherboard’s TPM (Trusted Platform Module) chip, a hardware component that holds the key used to encrypt or decrypt the disk within a computer.
This feature means users will not have to type in a password to decrypt the disk before logging in. The TPM chip essentially ties the disk, cryptographically, to its host. In an age of increasing password compromise, that’s going to come as a welcome addition for Ubuntu users.
Next year’s Ubuntu 24.04 LTS will see further hardware support features, coinciding with additional encryption configuration and management options.
Instead of users having to choose between device security and manageability, this new encryption method offers a range of potential benefits, such as:
- Enhanced security – By tying the disk’s encryption to the hardware, it becomes more difficult for unauthorized users to access the data, even if they have physical access to the device.
- Added convenience – Because users no longer need to manually enter a decryption password when booting up their computer, the login process is streamlined, reducing the risk of password-related security vulnerabilities.
- Protection against cold boot attacks – The TPM chip securely stores encryption keys, so cold boot attackers will not be able to retrieve the encryption keys from a system’s memory.
- Data integrity – If the system is tampered with or the disk is moved to a different device, access to the data should remain protected.
- Automatic encryption – Because the TPM chip automates the encryption and decryption process, users can enable and use encryption more easily, improving overall data security.
- Reduced risk of unauthorized access – The TPM chip is essentially a hardware-based security measure. It is harder to bypass compared to software-based encryption, so unauthorized access becomes less likely.
Ubuntu kernel change
Unprivileged user namespaces, typically used by applications for security, sometimes expose critical kernel functions. This can pose certain security risks. To mitigate this, Ubuntu’s kernel has introduced a mode that mandates AppArmor (Linux security module software that provides Mandatory Access Control – MAC – capabilities) profiles for unprivileged user namespaces, enhancing security by limiting their use to applications with these profiles. Ubuntu’s archive now includes AppArmor profiles for applications to ensure compliance with this policy when enabled.
Because programs will now require AppArmor profiles, the potential for security breaches when using these namespaces will be reduced.
Currently, it doesn’t seem Ubuntu is upstreaming this feature to the Linux Kernel itself. By keeping such features in Ubuntu’s own kernel, the company can tailor and control the integration of security measures to align with their specific needs and requirements.
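A host-side check for the kernel mode described in this section, as an added example that is not Canonical's tooling. It reads the Ubuntu sysctl `kernel.apparmor_restrict_unprivileged_userns` together with the two switches that disable unprivileged user namespaces outright; the function name `userns_posture`, the posture labels and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report how a host treats unprivileged user namespaces.
# The optional argument is a filesystem root prefix (for fixtures); the
# function name and posture labels are assumptions made for this example.

read_knob() {  # $1 = file path; prints its value, or "absent" if unreadable
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'absent'
    fi
}

userns_posture() {
    root="${1:-}"
    max=$(read_knob "$root/proc/sys/user/max_user_namespaces")
    clone=$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")
    aa_knob=$(read_knob "$root/proc/sys/kernel/apparmor_restrict_unprivileged_userns")
    aa_on=$(read_knob "$root/sys/module/apparmor/parameters/enabled")

    # Creation switched off outright: there is nothing left to restrict.
    if [ "$max" = "0" ] || [ "$clone" = "0" ]; then
        printf 'disabled'
        return 0
    fi
    # A kernel without the Ubuntu knob cannot apply the profile requirement.
    if [ "$aa_knob" = "absent" ]; then
        printf 'knob-absent'
        return 0
    fi
    # Assumption: the mode is enforced by AppArmor, so it only counts when
    # the knob is 1 and the AppArmor module reports itself enabled ("Y").
    if [ "$aa_knob" = "1" ] && [ "$aa_on" = "Y" ]; then
        printf 'apparmor-restricted'
    else
        printf 'unrestricted'
    fi
}

# Stand-alone use: describe the machine the script is run on.
printf 'unprivileged user namespaces: %s\n' "$(userns_posture)"
```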
App Discovery upgrades
As open source applications continue to expand, discovering, managing, and trusting installed software becomes more challenging. Ubuntu’s new App Discovery updates tackle this issue, with all applications on the Canonical Snap Store going through stringent security reviews. Therefore, default settings allow only essential permissions to be active.
In addition to this, an in-depth signature verification process has also been implemented to prevent all Snap applications from being modified by anyone other than the publisher.
The new updates continue Ubuntu’s embedding of Snap-based applications for most use cases – despite the apps not being universally popular. The reason many users dislike Snap applications is that they come from a store that contains proprietary code. They also require certain systems to be installed, and those systems are not universal.
Added support for Raspberry Pi 5 and HiFive Pro P550
The latest update also brings with it further choice for developers aiming to stay on the cutting edge and target the latest platforms. Ubuntu 23.10 Desktop and Server will support the latest Raspberry Pi 5.
That will come as some relief after Raspberry Pi 4 fell short of providing the necessary performance to serve as a daily driver with a desktop computer. The upcoming Pi 5 might offer this capability, albeit with potential limitations due to its ARM architecture, as opposed to x86.
Nevertheless, at a cost of around $80, the new version has the potential to function as an affordable desktop solution.
As expected, Ubuntu 23.10 is available on the SiFive HiFive Pro P550. This continues Canonical’s successful partnership that has brought Ubuntu to the SiFive HiFive RISC-V development platforms.
Phil Dworsky, global head of strategic alliances at SiFive, said “Together, SiFive and Canonical continue to deliver leading hardware/software solutions that are key enablers for RISC-V developers, helping to move the RISC-V ecosystem into applications requiring higher performance compute.”
The SiFive and Canonical partnership has provided integrated solutions that combine both hardware and software – a combination that’s crucial for RISC-V developers. This is to ensure that RISC-V technology can be used in more demanding applications, such as data centers, high-performance computing clusters, and other scenarios where strong computational power is essential.
Fusion of admin tools
Ubuntu 23.10 comes with changes and improvements related to network configuration and fleet management. In the past, administrators have been required to change their workflows, based on whether they were targeting server or desktop use cases.
That was a consequence of how Ubuntu’s network configuration operated. With Ubuntu 23.10, though, Netplan has been adopted. Netplan is a Linux networking configuration tool, previously used on Ubuntu Server, and its adoption provides a consistent networking experience across both.
For administrators overseeing fleets of both Windows and Ubuntu desktops, ADsys, the Active Directory Group Policy client that is available with Ubuntu Pro, now supports machine certificate auto-enrolment from Active Directory Certificate Services. That will enhance users’ system management capabilities.
Further Ubuntu fleet management improvements include a more seamless experience using Landscape Enrolment Wizard via the Ubuntu Pro client. There is also additional support for registering in bulk on Landscape to simplify large-scale deployments. That makes it easier to deploy and manage several systems efficiently.
Ubuntu 23.10 comes with promises of a more user-friendly experience with its new and improved App Centre. For some, it’s the usual “boring” update ahead of next year, but for many, it offers comprehensive changes with improved usability, reliability, and security.