Can you make Pop!_OS disk encryption use TPM?
asudox@lemmy.world to Linux@lemmy.ml · 10 months ago · 40 comments

𝘋𝘪𝘳𝘬@lemmy.ml · 10 months ago
Ideally the key isn’t stored anywhere on the machine that contains the storage medium the key is for.

Bitrot@lemmy.sdf.org · 10 months ago
That is the tradeoff if one desires TPM-backed encryption. It really depends on the threat model.

hperrin@lemmy.world · 10 months ago
If being able to boot unattended is more important than potential data leak if the server is physically compromised, then that’s what you have to do.

Hapbt@mastodon.social · 10 months ago
@hperrin @Dirk you can do this somehow and I even had it working at one point, but it was kinda a pain in the ass and I never redid it
https://glentomkowiak.medium.com/luks-with-tpm-in-ubuntu-df867cad9a1