SomeBoyo@feddit.de to Selfhosted@lemmy.worldEnglish · 11 months agoWhat do you use to mount encrypted drives on boot?message-squaremessage-square19fedilinkarrow-up149arrow-down10
arrow-up149arrow-down1message-squareWhat do you use to mount encrypted drives on boot?SomeBoyo@feddit.de to Selfhosted@lemmy.worldEnglish · 11 months agomessage-square19fedilink
minus-squareakash_rawal@lemmy.worldlinkfedilinkEnglisharrow-up5·11 months agoTPM stores the encryption key against secure boot. That way, if attacker disables/alters secure boot then TPM won’t unseal the key. I use clevis to decrypt the drive.
TPM stores the encryption key against secure boot. That way, if attacker disables/alters secure boot then TPM won’t unseal the key. I use clevis to decrypt the drive.