Comment on Encrypting without full disk encryption question
bzLem0n@lemmy.ca 1 week ago
If you have TPM2 support on the motherboard it can be used to unlock LUKS encryption but has the following known vulnerability.
Comment on Encrypting without full disk encryption question
bzLem0n@lemmy.ca 1 week ago
If you have TPM2 support on the motherboard it can be used to unlock LUKS encryption but has the following known vulnerability.
lorentz@feddit.it 1 week ago
The issue I see with TPM is that it will always unlock the drive as long as it is connected to the same motherboard. It means you have to trust all the services you run to be correctly secured. Like there is little reason to encrypt your hard drive in this way if later you have a samba share open without any password.