One of the good inpact of #Microsoft is pushing a laptop #security features that can be benefited also by #Linux.
For example #TPM2 can securely unlock your encrypted root linux drive without entering a password every time.
🔑 📀
skorpil.cz/en/project/42/mkini…
For example #TPM2 can securely unlock your encrypted root linux drive without entering a password every time.
🔑 📀
skorpil.cz/en/project/42/mkini…
Mkinitcpio tpm2 encrypt
All my personal and company computers are powered by Arch Linux with encrypted storages. This setup brings an inconvenience of entering two passwords on startup. One unlocks the storage encryption, second logs me to my user account.Štěpán Škorpil
Michel Salim
in reply to Štěpán Škorpil • • •Štěpán Škorpil
in reply to Michel Salim • • •Michel Salim
in reply to Štěpán Škorpil • • •Štěpán Škorpil
in reply to Michel Salim • • •Encrypting in Luks, dividing volume using lvm, then storage ext. Especially in security where it is really hard to do it well.
Herr Irrtum!
in reply to Štěpán Škorpil • • •Štěpán Škorpil
in reply to Herr Irrtum! • • •Actually you should do it this way, because if you update bios for example, tpm detects that bios was tampered with and does not unseal the key. In that situation it asks for a disk password during the boot. And you than need to reseal the key to tpm be able to unlock your drive again.
Štěpán Škorpil
in reply to Štěpán Škorpil • • •"cryptsetup open /dev/sdaX someName"
Herr Irrtum!
in reply to Štěpán Škorpil • • •