OpenSUSE's Aeon Desktop Release Candidate 3 (RC3) is Released with Full Disk Encryption

OpenSUSE Aeon Desktop RC3 Release: Full disk encryption is enabled by default

OpenSUSE’s Aeon Desktop Team released Aeon Desktop Distribution Candidate 3 (RC3), the first version in the series to enable Full Disk Encryption (FDE) by default. This release introduces key improvements, focusing on security and user experience.

Table of contents

• Full disk encryption: new security standards
  • Solve security issues
  • Behind the Scenes Improvement: Building a Solid Foundation
• Looking to the future: the road to the official launch
• Will there be RC4?

Full disk encryption: new security standards

The highlight of RC3 is that the introduction of Full Disk Encryption (FDE) by default. This feature significantly enhances data security, protecting users from unauthorized access in the event of lost or stolen device.

Aeon RC3 intelligently implements FDE in two modes to adapt to the user's hardware configuration:

• Default Mode: Aeon leverages this hardware for powerful security checks for systems equipped with Trusted Platform Module (TPM) 2.0 chipsets with specific support (version 1.38 or later). During startup, the system carefully verifies the integrity of key components, including UEFI firmware, secure boot status, partition tables, boot loaders, drivers, kernels, and initrds. Any discrepancy triggers a recovery key prompt, ensuring that only authorized modifications can continue.
• Alternate Mode: If the hardware required for the default mode is missing, Aeon will implement Alternate Mode, requiring the user to enter a password every time the system starts up. While this mode relies on user input, it still provides strong protection when secure boot is enabled.

Solve security issues

Some users may think that the default mode is not very secure because it does not require a password when it starts. However, strict integrity checks in default mode are effectively defended against attacks that may bypass authentication.

It detects unauthorized changes, including modifications to the kernel command line and initrd, which may be used to break passwords in alternate mode.

Behind the Scenes Improvement: Building a Solid Foundation

In addition to FDE, RC3 also includes some technology-enhanced and community-driven programs:

tik installer improvements:

Aeon installer tik (transactional installation suite) now uses systemd-repart instead of dd to deploy images. This shift makes it possible to achieve full disk encryption and paves the way for future enhancements.

Brands and Community:

Recognizing the importance of unified identity, Aeon now has an official brand guide that provides guidance on logos, colors and usage. Additionally, a dedicated Subreddit facilitates community interaction, discussion and support.

Looking to the future: the road to the official launch

As RC3 approaches completion, the focus shifts to final improvements before the official release of Aeon. While no major structural changes to the core operating system are planned, upstream versions and community contributions are expected to be continuously improved.

The main task is to develop openQA tests to verify Aeon's installation process and core functionality.

Will there be RC4?

As stated in the official release notes, the possibilities of RC4 are being explored. It will take advantage of tik's systemd-repart functionality as a "self-installer" to potentially significantly reduce download size by not having to embed Aeon images separately.

However, this approach depends on the functionality of systemd v256, which was recently submitted to openSUSE Factory and is still in the cutting-edge stage. If RC4 does not appear, users can expect smaller and more efficient images after official release.

resource:

• Aeon RC3 Release Notes

The above is the detailed content of OpenSUSE's Aeon Desktop Release Candidate 3 (RC3) is Released with Full Disk Encryption. For more information, please follow other related articles on the PHP Chinese website!