for privacy and security reasons oem-config should allow to change security key for disk encryption by the end-user

Bug #1842187 reported by Norbert
This bug affects 1 person
Affects Status Importance Assigned to Milestone
oem-config (Ubuntu)
ubiquity (Ubuntu)

Bug Description

Steps to reproduce:
1. Install the Ubuntu in OEM mode with Encryption and LVM (*passphrase1* was entered, it is known by administrator or manufacturer)
2. Boot installed system with temporary OEM account
3. Click "Prepare for shipping to end user" icon on desktop
4a. Ship device to the end user forgetting to give him/her the *passphrase1*.
4b. Ship device to the end user with *passphrase1* (which really secret) written in somewhere

Expected results:
User is able to boot device without encryption and then set his/her own *passphrase* on first boot via OEM Config wizard

Actual results:
a. user can't decrypt drive if he/she do not know the *passphrase1*
b. user can decrypt the drive with known *passphrase1* but is concerned that someone else knows it.

Norbert (nrbrtx)
tags: added: focal
removed: disco
Norbert (nrbrtx)
tags: added: hirsute impish
removed: eoan
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.