Ubuntu 25.10 Enhances Disk Encryption with TPM for Better Security

Ubuntu 25.10 is set to enhance its security features by offering an improved method for utilizing hardware-backed full-disk encryption (FDE) through a Trusted Platform Module (TPM). Although this feature is still experimental, it aims to bolster the distro’s security credentials significantly.

Currently, users can enable full disk encryption during the installation process using a passphrase with LUKS. This requires entering the passphrase each time you boot the system to decrypt the disk contents. With the new integration, users will also have the option to link disk encryption keys to a TPM, which verifies the system’s state at boot time. This is a feature commonly found in most major desktop operating systems.

According to Didier Roche from Canonical, the TPM will evaluate the software and firmware running before the operating system launches, unlocking the encrypted disk only when the system’s state meets specific predefined conditions. This feature aims to protect against tampering in the pre-boot environment, a vulnerability highlighted in recent reports.

The latest enhancements in Ubuntu 25.10 will give users the choice between automatic disk unlocking upon successful TPM validation or requiring both the TPM verification and a passphrase for an extra layer of security. Additionally, the recovery key generation process will be more central during the full disk encryption setup. This key will be particularly useful if you encounter issues like upgrading TPM firmware or forgetting your passphrase.
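The measure-then-unlock behaviour described above, as an added illustration (not Ubuntu's or Canonical's code): a simplified Python model of PCR extension and a disk key sealed to an expected PCR value, with the optional passphrase. The `SealedKey` class, boot-chain strings, salt and key bytes are constructed assumptions; a real TPM enforces the policy and passphrase in hardware.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Replay a boot chain into one PCR, starting from the all-zero reset value."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def _stretch(passphrase: str) -> bytes:
    # Stand-in for the TPM's hardware-enforced auth value (constructed salt).
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"constructed-salt", 10_000)

class SealedKey:
    """Toy model (hypothetical class): the disk key is released only if the
    current PCR matches the sealed value and, if set, the passphrase is right."""
    def __init__(self, disk_key: bytes, expected_pcr: bytes, passphrase=None):
        self._key = disk_key
        self._pcr = expected_pcr
        self._auth = _stretch(passphrase) if passphrase is not None else None

    def unseal(self, current_pcr: bytes, passphrase=None):
        if not hmac.compare_digest(current_pcr, self._pcr):
            return None  # boot state changed: fall back to the recovery key
        if self._auth is not None:
            if not hmac.compare_digest(_stretch(passphrase or ""), self._auth):
                return None
        return self._key

# Constructed boot chains; the strings stand in for firmware/bootloader/kernel images.
GOOD = [b"firmware 1.0", b"bootloader", b"kernel"]
TAMPERED = [b"firmware 1.0", b"bootloader+implant", b"kernel"]
FW_UPDATE = [b"firmware 1.1", b"bootloader", b"kernel"]
DISK_KEY = b"constructed-disk-key"

if __name__ == "__main__":
    auto = SealedKey(DISK_KEY, measure_boot(GOOD))
    both = SealedKey(DISK_KEY, measure_boot(GOOD), passphrase="correct horse")
    print("untampered, TPM only:", auto.unseal(measure_boot(GOOD)) == DISK_KEY)
    print("tampered bootloader: ", auto.unseal(measure_boot(TAMPERED)))
    print("firmware update:     ", auto.unseal(measure_boot(FW_UPDATE)))
    print("TPM + wrong pass:    ", both.unseal(measure_boot(GOOD), "guess"))
```

In this model a legitimate firmware update changes the measurement just as tampering does, which is the situation the recovery key exists for.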

When the installer checks for TPM compatibility, it must detect a suitable TPM version with no known vulnerabilities and appropriate configurations. If there are issues, the installer will provide feedback, and future versions may include detailed instructions to address these problems.

It’s important to note that while this hardware-backed disk encryption is a significant step for Ubuntu, it’s still in development, and some features haven’t been fully implemented yet. Users should approach this feature cautiously, only testing it on non-critical devices, as advised by Canonical.

These upcoming changes are expected to be included in the official release of Ubuntu 25.10 on October 9, 2025, marking a noteworthy advancement in the distro’s approach to security.
