The latest version of Ubuntu is out today, bringing new and updated features including a new App Center for finding, downloading, and installing software, support for storing encryption keys for full-disk encryption in a TPM (Trusted Platform Module), and support for new hardware including single-board computers like the Raspberry Pi 5 and SiFive HiFive Pro P550.

Ubuntu 23.10 should be available soon from the Ubuntu Download page, or existing users should eb able to upgrade using the Software Updater.

Canonical says adding support for storing encryption keys in a TPM to Ubuntu Desktop 23.10 allows users or IT administrators to enable full-disk encryption without the need to enter a passkey at startup.

That said, it’s an experimental feature in this release, but the company says it hopes to bring “broader hardware support for this feature” with the launch of Ubuntu 24.04 LTS in April, 2023.

Support for the Raspberry Pi 5 was pretty much a no-brainer, as Canonical has been supporting other Raspberry Pi devices for a few years, and the newest model brings twice the performance, so it should be more than capable of supporting the latest version of Ubuntu.

But Canonical has also been making efforts to port its operating system to support RISC-V architecture in recent years, and the SiFive HiFive Pro P550 (Intel Horse Creek) board is one of the most powerful, versatile RISC-V development boards to date.

Other changes include an update to a Linux kernel 6.5, a new App Center designed in Flutter with better search functionality and support for choosing between Snap and .deb packages, and improved support for window tiling.

Ubuntu 23.10 App Center

As with every recent Ubuntu release, the default version of the operating system ships with the GNOME desktop environment, and Ubuntu 23.10 will ship with GNOME 45 (and some new wallpapers).

But Ubuntu also comes in a number of different official “flavors,” with different desktop environments. New builds should also be out today (or soon) for Kubuntu, Lubuntu, Xubuntu, Ubuntu Budgie, Ubuntu Cinnamon, Ubuntu MATE, Ubuntu Unity, Ubuntu Studio, Ubuntu Kylin, and Edubuntu.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,543 other subscribers

Join the Conversation

9 Comments

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. I consider using the TPM alone to be about as secure as a sticky note on the inside of the computer case, although it really is a step above it. After all, the computer will still boot revealing the foregone conclusion that it has a password that you know. What you really want for plausible deniability is a computer where the bootloader and filesystem headers are located on a removable flash drive, so that even if examined by forensics, your storage really just looks like random garbage.
    I do not like how it depends on snapd therefore on systemd. Lennart Pottering works for Microsoft now and Microsoft is fully intent on assisting Google in creating a world ruled by Web Environment Integrity. It’s possible that even if desktop Linux is allowed to survive the remote attestation impact by opening itself up to device bans, it’ll be only in this form with signed Unified Kernel Images with a Microsoft or Google root of trust signature which the attestation daemon will check. All distros are going to have to do this if they want to let users browse the web, and the argument “what if one of our users wants to say something factually correct that’s banned from being spoken in the workplace and wants to avoid device bans” won’t fly among the developers because it’s supposed to be inconceivable that any decent human being would ever want to, so say goodbye to GNU/Linux, you can only use SystemD/Linux from now on.

    1. Okay, thinking it over, I realized that probably sounded stupid. Since it’s commonly supposed to be impossible to hide that you’ve got data on your hard drive but at least if you have the bootloader on a flash drive you can sort of pretend you just got the drive second hand depending on who asks, or defeat the rubber hose method of getting a passphrase out of you.
      Now that I think about it, I don’t even know if you have a right to have your lawyer be present while your hard drive is examined in its entirety no matter how long that takes to ensure, at least, that any illegal data found on it after that session could not have been placed there by you. You SHOULD considering how often people bring up the concept of placing incriminating evidence on you.
      Even so, I still think relying on the TPM alone isn’t sufficient particularly for a business because if the machine is stolen and your account or your user’s account isn’t set to be locked out after too many attempts or not being able to access a domain controller the account password can be brute forced if it wasn’t sufficiently complex. And I don’t like Microsoft.
      And really, WEI isn’t even necessary for device bans. There just needs to be a culture developing among websites of only accepting passkeys, and requiring passkeys to be signed by a TPM’s private key, probably in response to some crisis.

        1. Paragraph 1: https://security.stackexchange.com/questions/135846/is-plausible-deniability-actually-feasible-for-encrypted-volumes-disks
          Also, some people will put bootloaders on flash drives just so they can use nvme on older computers that don’t support booting from it. Obviously doesn’t help if you get lazy and leave the flash drive in the machine.
          Paragraph 2: Can’t link this since where I most often hear of law enforcement or another agency planting illegal content is ephemeral chats, nor do I want to risk any searches for any terms that bush up against the topics of illegal content, but I couldn’t find anything one way or another trying to look up if you have any rights to help you control that.
          Paragraph 3: Bitlocker has network unlock for this, so your computers start up like normal unless unable to connect to a WDS server.
          Paragraph 4: I don’t know just how much websites are allowed to interact with your TPM, I just know they can for articles about passkeys on this site. And with their abrupt implementation of WEI, google has demonstrated that they can allow more access to system components at any time.

          1. Maybe instead of making everything obscure, locked down, and inefficient…. we could maybe remove those bad-actors from those corporations, government, and positions of power. And maybe we can change the system where it is good, fair, so such draconian ideas are just tall-tales. We could even install good-actors into those positions of power, once the system itself has been transformed.

            I think that is a much more efficient way of solving this dilemma you’ve been having internally.

          2. Please note that some companies have Oligopoly and contracts with services (politicians).

  2. looks and working awesome so far, I did have to select a preview build of Remmina remote desktop though as the current build crashed when opening.