this post was submitted on 19 Feb 2024
33 points (97.1% liked)

Linux

48328 readers
641 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Bitrot@lemmy.sdf.org 5 points 9 months ago (1 children)

Yes, and we are responding to someone asking about using it with the TPM.

[–] vexikron@lemmy.zip -5 points 9 months ago* (last edited 9 months ago) (1 children)

Ok... so... if you have TPM... and LUKS...

You still have a scenario where the encryption key is still on your physical device, LUKS with or without TPM, or ... some kind of TPM based Linux encryption solution I have never heard of?

Does Windows Secure Boot work on Linux via the TPM?

No...

Am I missing something?

Theres no point in involving TPM in securing a linux computer.

In a scenario where you've physically lost your computer, using TPM or not it wont matter if your pc gets into the hands of someone who can attempt to brute force the keys.

If your pc is remotely compromised to the point it has something on it that can grab your keys, it also will not matter if you are using TPM in some way.

The only practical use of full disk encryption is if your linux pc and or laptop gets stolen and falls into the hands of a non tech savvy person, and in that scenario, going through the trouble of correctly binding LUKS to TPM will have just been a waste of time.

Thus, you should probably just use LUKS and not bother routing it through TPM.

[–] Bitrot@lemmy.sdf.org 4 points 9 months ago* (last edited 9 months ago) (1 children)

It’s not a new feature, it’s convenient and also has use cases outside of convenience (it’s also generally going to make stronger keys than any passphrase). Here is one way that has existed for years, except Ubuntu specifically patches it out: https://www.freedesktop.org/software/systemd/man/latest/systemd-cryptenroll.html

It’s not a lot of work, it’s one command and a one word update in the crypttab.

Secure boot is generally a requirement to use the TPM.