Comment 34 for bug 1773457

Steffen Seeber (eremit7981) wrote :

I would like to support this bug report from the perspective of a security-oriented, pragmatic user, likely the kind of which there are plenty out there.

Ubuntu's great success has been and will be based on how user friendly it is, and an overwhelming majority of the people who are looking at security just want their whole system encrypted. Also in dual-boot scenarios. Windows for general purpose, Ubuntu for security relevant tasks such as banking or sensitive administration. A widespread use case.

Confronting them with exceptions such as an unencrypted /boot partition, disabling encryption in dual-boot scenarios or any other unnecessary complications will just lower Ubuntu's acceptance in an increasingly security-aware user world.

Academic discussions about whether or not encryption has been designed for tamper resistance just miss the point. Fact is that it does increase it. Think of someone who breaches my Windows installation, and discovers the parallel Ubuntu installation. They either just see one big chunk of random data, or they see a clear-text /boot partition they can play with. This is one unnecessary attack vector, no matter how easy or hard it is to use.

I do not remember a single argument in this whole history against /boot encryption that mentions a real disadvantage of the functionality. Yes, there may be alternatives. No, it does not make a system perfectly safe. But it helps, and not implementing it is like not implementing RAID because one wants to force users to create backups.