Absolute joke. Emphasis is mine:
… protected by a TPM and recovered automatically only by early boot software that is authorised to access the data
later on in the article it talks about how the packages are now going to be supplied:
Namely, the bootloader (shim and GRUB) and kernel assets will be delivered as snap packages (via gadget and kernel snaps), as opposed to being delivered as Debian packages. As such, it is the Snapd agent which will be responsible for managing full disk encryption throughout its lifecycle.
Looks like snap will be the future for Ubuntu
This is great news. FDE is needed for all kinds of use cases. Ever log into your bank on your unencrypted laptop? Better hope nobody steals your laptop, they can get to any passwords saved in your browser, session cookies, etc. But if your disk is encrypted then it’s good luck, they’ll have to crack your password (if Canonical implements it right it shouldn’t be possible) or wipe the drive.
It’s no different than standard FDE with LUKS, but the password is no longer the master key. The password (from what I’ve read) is used to generate the key, and that key is then used as the secret. So you can have an average password and it still makes it hard to “crack”
Right. Typing in the LUKS password every time you resume from standby (specifically hibernation) means nobody actually uses it in practice. This unlocks a key feature missing from Linux ecosystem.