Oliver Smith
on 12 October 2023
Ubuntu Desktop 23.10: Mantic Minotaur deep dive
Ubuntu Desktop 23.10 is bristling with new features, not all of them visible at first glance. Join us as we journey through the highlights of this latest release and explore how it sets the stage for the future.
The last interim release before an LTS (Long Term Supported release for those new to the Ubuntu terminology) is a particularly exciting time. This is the release where the team aims to land as many major changes as possible to ensure that the community has the chance to take them for a spin and provide feedback for further refinement ahead of Ubuntu 24.04 LTS.
These features span the entire Ubuntu Desktop stack, from the user interface, to software management, to core security and architectural changes. We’ve touched on most of them in the press release and release notes, but it’s worth taking the time to explore these features in depth.
Let’s dive in.
New release, new GNOME
As always, Ubuntu delivers the latest GNOME desktop environment, with GNOME 45 landing hot off the press from its stable release only a few short weeks ago. The new features of GNOME 45 have been exhaustively covered elsewhere and we’re sure Ubuntu users will appreciate the new workspace indicator, full-height sidebars and wealth of usability and performance improvements scattered throughout.
This release also features the default inclusion of the Tiling Assistant extension, which broadens the configuration options for multi-window setups, including quarter screen tiling.
Fast, friendly and fun, introducing the new App Center
The standout new feature of Ubuntu Desktop 23.10 has to be the new App Center, which replaces Ubuntu Software for users going forward. Combined with the new installer, these two apps give us a much deeper level of ownership of the first time user experience on Ubuntu Desktop and a strong base to iterate on going forward.
Built in Flutter and leveraging the metadata available with snap packages, this first release provides a fast and intuitive new way to manage both deb and snap packages on your machine. We also created a new ratings service, built in Rust. By combining user ratings with snap metadata we’re excited to be able to offer more dynamic ways to discover applications in future updates, including new categories like ‘most popular’ and ‘recently updated’.
Freeing firmware updates
A related new application is the firmware updater. Previously Ubuntu Software would be responsible for checking for new firmware updates, but to do so it needed to run permanently in the background, impacting system performance. By splitting out firmware management from the App Center we’ve reduced that resource overhead with a much lighter weight background process and a separate, single purpose GUI for managing hardware-related updates.
Become tamper proof with TPM-backed full disk encryption
Ubuntu Desktop 23.10 introduces an experimental feature that enhances our existing Full Disk Encryption (FDE) functionality by supporting Trusted Platform Modules (TPMs) for key storage. Historically, Ubuntu relied exclusively on passphrases for user authentication in FDE. However, in enterprise environments where fleets of machines may be shared or need to be booted remotely for administrative purposes, a password requirement to complete the boot process makes device management challenging.
TPM-backed FDE is designed to explicitly counter a type of cyber-security threat known as the “evil maid” attack, a security breach where an attacker gains physical access to a target’s computer and instals malicious software or hardware to compromise the system’s security, typically to gain unauthorised access to the stored data or undermine encryption. This type of attack often seeks to exploit vulnerabilities present during the boot process or leverage weak or absent authentication measures to manipulate the system.
FDE that relies on passphrases can potentially be compromised if an attacker manages to install a keylogger or similar malware to capture the passphrase. However, TPM-backed FDE doesn’t require users to enter a passphrase at every boot, as the decryption key is stored securely in the TPM and only released to authorised boot software. If any part of the boot process, including firmware and boot loaders, is tampered with, the TPM will not release the keys needed to decrypt the disk. This setup adds an extra layer of security and integrity checks, ensuring that even if an attacker has physical access to the machine, the data stays encrypted unless the entire boot process is uncompromised and trusted.
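The release condition described above can be modelled in a few lines. The following is an added example, not code from Ubuntu or snapd: it simulates the TPM's hash-chained "extend" operation on a single SHA-256 register and a key sealed to the expected value. The `ModelTPM` class, the component names and the key are constructed placeholders, and a real TPM enforces the comparison in hardware against a policy over selected registers.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # model: the measurement register starts as 32 zero bytes

def extend(pcr, component):
    """Extend: new = SHA256(old || SHA256(component)); cannot be undone."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain):
    """Fold every boot stage, in order, into one register value."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ModelTPM:
    """Hypothetical stand-in for a TPM holding one sealed secret."""

    def __init__(self):
        self._sealed = None

    def seal(self, secret, expected_pcr):
        self._sealed = (expected_pcr, secret)

    def unseal(self, current_pcr):
        if self._sealed is None:
            return None
        expected, secret = self._sealed
        # Release the key only if the measured boot matches the sealed state.
        if hmac.compare_digest(expected, current_pcr):
            return secret
        return None

# Constructed sample boot chain: placeholder byte strings, not real binaries.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
DISK_KEY = b"constructed-disk-key"

def demo():
    tpm = ModelTPM()
    tpm.seal(DISK_KEY, measure_boot(GOOD_CHAIN))
    chains = {
        "good": GOOD_CHAIN,
        "tampered": [b"firmware-v1", b"bootloader-MODIFIED", b"kernel-v1"],
        "reordered": [b"bootloader-v1", b"firmware-v1", b"kernel-v1"],
    }
    return {name: tpm.unseal(measure_boot(c)) for name, c in chains.items()}

if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:10s} ->", "key released" if key else "key withheld")
```

Because each stage is folded into the running hash, a change to any one component or to their order yields a different final value, so the sealed key is withheld.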
The TPM-backed FDE architecture in Ubuntu Desktop 23.10 is rooted in the same principles as Ubuntu Core where the Snapd agent manages FDE throughout its lifecycle. In this release, TPM-backed FDE relies on a generic Ubuntu kernel snap, meaning that it doesn’t yet support devices that require additional drivers, such as NVIDIA. We aim to deliver support for a broader range of hardware in Ubuntu 24.04 LTS.
For more details, check out Ijlal Loutfi’s blog post from last month.
Augmenting the administrator experience
One of the unique benefits of Ubuntu is how it delivers the same secure, stable OS for home users and hobbyists that it does to high-end research and development projects.
The ability to administer Ubuntu Desktop at scale is critical to providing that long-term value to those building their skills and it’s important to ensure that sysadmins have the tools and controls to do their job simply and securely.
In Ubuntu Desktop 23.10 we’ve provided new tools for administrators as part of Ubuntu Pro, which are available to everyone free of charge on up to five machines. The first is a new `pro enable landscape` command that makes it easier to quickly enrol devices to Canonical’s fleet management tool. The second is a new addition to ADsys, the Active Directory GPO client, that improves networking configuration with certificate auto-enrollment so those managing mixed Ubuntu and Windows estates can further unify their workflows. You can learn more about this in the video below.
Speaking of networking, we’ve also brought Netplan to the Desktop. This declarative network configuration tool standardises how administrators interact with the different networking stacks across both Desktop and Server, making it easier to consistently configure your fleet across environments.
Refining the desktop installer
The desktop installer has had a cycle of refinement after the initial transition to Subiquity, the Ubuntu Server installer that became the default on Desktop in Ubuntu 23.04.
The most notable change for new users is that the default install path is now based on the previous ‘minimal’ installation option, providing only the essential apps to get started and empowering the user to configure their desktop via the new App Center. After some lively discussion with the community we’ve maintained the ‘full’ installation option for those users in offline scenarios or who may be unfamiliar with the open source alternatives to their current productivity apps.
ZFS guided install makes its return after being ported across from the old Ubiquity installer. ZFS continues to be a technology we want to explore further and by supporting it in Subiquity we’ve laid the groundwork for the inclusion of guided install on Ubuntu Server as well. Next cycle we’ll be looking at ZFS encryption as an additional security option.
Looking ahead to desktop provisioning
As we mentioned in our previous blog on the direction of Ubuntu Desktop, we have grand plans for our desktop deployment story. In the long term we want to make it easier to configure and customise your desktop at install time, so that both organisations and individuals can get up and running with their preferred configurations as quickly as possible.
The foundational pieces of technology that enable this are Subiquity and Cloud-Init, which allow us to explore the desktop-specific potential of two key features, autoinstall and cloud-init.
Autoinstall lets users configure their Ubuntu installation and cloud-init allows for further configuration on first-boot. These can be combined into a single config that enables you to configure your network, user, ssh keys, installed packages, run scripts and much more. Expect to hear more about how we plan to leverage these technologies as we get closer to Ubuntu 24.04 LTS. If you want to get hands-on in the meantime, Raspberry Pi engineer Dave “Waveform” Jones has put together a series of blogs about how to use cloud-init to recreate the Ubuntu flavours from a base Ubuntu Server image on the Raspberry Pi.
And speaking of the Raspberry Pi…
Mantic Minotaur is ready for Raspberry Pi 5
September introduced us to the next generation of Raspberry Pi. The new Raspberry Pi 5 delivers a 2-3x performance increase alongside increased I/O and the addition of a much requested power button. With support for dual 4K 60Hz displays, this new generation promises to deliver a significantly upgraded desktop experience, which is particularly great news for Dave Jones who uses a Pi 400 as his daily driver. We’re proud to say that for the first time Ubuntu 23.10 will support the latest device from day 1 and we can’t wait to see what incredible creations the community delivers once the Raspberry Pi 5 becomes available.
And the year’s not over yet…
You might think we’d covered quite enough for one release and one year, but we’re excited to say that there are still a few more cool things coming before we wrap up for the holidays.
In two weeks the Canonical crew will be heading to Riga where we’ll be hosting the second Ubuntu Summit, a gathering of passionate Ubuntu enthusiasts who will be sharing their knowledge and experiences both in person and online. There’ll be topics around gaming, Flutter, snaps and WSL from a host of special guests, and the desktop team will also be presenting talks on both the future of Ubuntu Desktop on Arm as well as the latest in-progress updates on Ubuntu Core Desktop.
We hope you’ll follow along wherever you are in the world, and if you’re attending in person I look forward to seeing you there.