• richardisaguy@lemmy.world
      link
      fedilink
      arrow-up
      21
      ·
      9 days ago

      Can i get some context please? My fedora install wasn’t using TPM, i had to manually configure it; i haven’t noticed any difference in boot speed with or without TPM encryption

        • richardisaguy@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          9 days ago

          I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.

          Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft’s terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!

          This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers

        • rzlatic@lemmy.ml
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          8 days ago

          so if it probably affects only a small number of specific hw platforms, you cannot state fedora as “now wait 40 seconds” distro.

          i’m also not using the tmd chip, no issues.