for privacy and security reasons oem-config should allow to change security key for disk encryption by the end-user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
oem-config (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
ubiquity (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Steps to reproduce:
1. Install the Ubuntu in OEM mode with Encryption and LVM (*passphrase1* was entered, it is known by administrator or manufacturer)
2. Boot installed system with temporary OEM account
3. Click "Prepare for shipping to end user" icon on desktop
4a. Ship device to the end user forgetting to give him/her the *passphrase1*.
4b. Ship device to the end user with *passphrase1* (which really secret) written in somewhere
Expected results:
User is able to boot device without encryption and then set his/her own *passphrase* on first boot via OEM Config wizard
Actual results:
a. user can't decrypt drive if he/she do not know the *passphrase1*
b. user can decrypt the drive with known *passphrase1* but is concerned that someone else knows it.
tags: |
added: focal removed: disco |
tags: |
added: hirsute impish removed: eoan |