TPM-backed full disk encryption
Particularly notable in this release is the support for TPM-backed full disk encryption. See the Ubuntu blog for details. Note that TPMFDE requires ISOs that are constructed with this feature in mind, which only applies to the mantic-desktop ISO today.
TPMFDE can be triggered with autoinstall:
storage: layout: name: hybrid encrypted: yes
New in this release is the support for Guided ZFS, which is available for Desktop and Autoinstall. The guided ZFS structure is brought from Ubiquity and is very similar. (Encrypted Guided ZFS support is in plan for 24.04.)
To use ZFS from autoinstall, configure:
storage: layout: name: zfs
For Server installs, a recovery key option is now available.
- CVE-2023-5182 (PR: 1820) - Address CVE by ensuring the autoinstall-user-data file is not readable by the adm group. The file contains the hashed password of a user with sudo capability.
- LP: #2009141 (PR: 1806) - Rework udev events handling in the storage code so that Subiquity does not crash if a large burst of events occurs.
- LP: #2037133 (PR: 1807) - Fix incorrect documentation. The locale is not implicitly made interactive when another section is marked interactive.
- LP: #2032961 (PR: 1811) - Ensure we run early and late commands with a clean environment to avoid potential failures in focal.
- LP: #2017278 (PR: 1812) - Fix crash when attempting to install ubuntu-restricted-addons during an offline install. Subiquity will now warn and skip the package instead. An additional change in the desktop installer was done to ensure that the installation is not wrongly considered offline in some scenarios.
- LP: #2017862 (Probert PR: 136, Curtin MP: 442225) - Fix partitioning failure when existing GPT partitions have UTF-8 partition names
- LP: #2039084 (PR: 1669, Curtin MP: 441769) - Fix partitioning failure when a swap partition is placed in an extended partition
- LP: #2018280 (PR: 1671) - Ensure curtin does not reorder UEFI boot entries since it is unsupported on Dell XPS and some other platforms
- PR: 1687 - Fix crash when a cloud-config is sent that adjusts the users but creates no default user
- LP: #2023265 (PR: 1688) - Fix list of third-party drivers considered empty when it has not yet finished being retrieved
- LP: #2029028 (PR: 1701) - Prevent Subiquity from discarding configuration in /etc/apt being deployed by deb packages
- PR: 1718 - Fix invalid source ID in documentation (ubuntu-server-minimized → ubuntu-server-minimal)
- PR: 1747 - Ensure that running
snap start subiquity.probertworks as intended
- PR: 1777 - Fix crash when refreshing the installer as part of an automated installation
- LP: #2039076 (PR: 1780) - Fix wrong order of lower layers when building an overlay – resulting in inconsistencies when listing third-party drivers
- LP: #2039075 (PR: 1782) - Fix invalid use of x-error-msg when the error message contains a newline character
- LP: #2039086 (PR: 1786) - Fix crash occurring upon accessing the Help menu after creating a bond interface
- LP: #2034270 (PR: 1787) - Fix crash when using guided storage with a small disk
- LP: #2012659 (PR: 1789) - Fix crash when a Wi-Fi or Ethernet interface gets removed from the system
- PR: 1796 - Fix crash when reusing an existing RAID
- LP: #2039090 (PR: 1797) - Disable unattended-upgrade minimal steps to speed up the installation
- LP: #2035034 (Curtin MP: 451298) - Fix curtin failing to handle partitions on 4k sectors disks
- LP: #2039080 (PR: 1808) - Fix race condition sometimes causing an early crash when using the desktop installer
- LP: #2039082 (PR: 1814) - Prevent Subiquity from restarting costly operations when selecting the same source (e.g., ubuntu-desktop-minimal) multiple times.
- PR: 1819 - Ensure cloud-init logs on the target system are owned by root since syslog:adm is not necessarily the same as that of the installer environment
- LP: #1933055 (PR: 1757) - Ensure the client saves the TUI mode (i.e., rich vs monochrome), so that it is restored after updating the installer
Bugfixes that are already in the stable channel but new since 23.04
- LP: #2033977 (PR: 1790) - Ensure the security archive is set to the proper URL
- LP: #2013201 (PR: 1759) - When setting the size of a partition, Subiquity may crash with an error about “size or offset not aligned”
Full Changelog: https://github.com/canonical/subiquity/compare/23.04.2...23.10.1