• richardisaguy@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    9 days ago

    Can i get some context please? My fedora install wasn’t using TPM, i had to manually configure it; i haven’t noticed any difference in boot speed with or without TPM encryption

      • richardisaguy@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        9 days ago

        I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.

        Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft’s terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!

        This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers

      • rzlatic@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        9 days ago

        so if it probably affects only a small number of specific hw platforms, you cannot state fedora as “now wait 40 seconds” distro.

        i’m also not using the tmd chip, no issues.