
I am wondering if there's a way to have some kind of unattended boot process along with an encrypted disk, as long as there's a TPM chip in the host.


It is possible, if a bit convoluted [1, 2]. When I looked into it last year it seemed the good guides were focused on Clevis & Tang with a separate server (i.e. your PC at home on your network would boot, but if away from the Tang server the PC would fall back to a password). In a quick look it seems they may simply support TPM2 now, although I haven't looked into how/if this is different to the article.

[1]: This is older, with TPM 1.2, but is the 'autoboot' similar to Windows BitLocker: https://ranzbak.nl/tpmluks/
[2]: https://blog.dowhile0.org/2017/10/18/automatic-luks-volumes-...
[3]: https://redhat.slides.com/pladd/securing-automated-decryptio...


This is exactly the feature that's now possible with systemd too.
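What both the Clevis tpm2 pin and systemd-cryptenroll's TPM2 enrolment rely on is the same mechanism: the LUKS key is sealed to a PCR policy, the TPM only releases it while the measured boot chain matches the values at enrolment time, and anything else drops you to the passphrase prompt. The following is an added example, not code from the thread or from either project: a small Python model of that logic, with a fake TPM whose root secret never leaves the object. The PCR extend rule (PCR_new = H(PCR_old || H(component))) is the real one; the policy digest, the sealing format and the component names are simplifications assumed here for illustration, not the TPM2 wire format.

```python
"""Model of PCR-bound sealing for unattended LUKS unlock (illustrative, not the TPM2 API)."""
import hashlib
import hmac
import os

PCR_INIT = bytes(32)  # a PCR starts as all zeros at power-on and can only be extended


def sha256(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend rule: PCR_new = H(PCR_old || H(component)). Order matters."""
    return sha256(pcr, sha256(measurement))


def measure_boot(components) -> bytes:
    """Firmware measures each boot stage in order into a single PCR."""
    pcr = PCR_INIT
    for comp in components:
        pcr = pcr_extend(pcr, comp)
    return pcr


def policy_pcr(pcr_value: bytes) -> bytes:
    """Simplified stand-in for TPM2_PolicyPCR: a digest bound to one expected PCR value."""
    return sha256(bytes(32), b"PolicyPCR", sha256(pcr_value))


class FakeTpm:
    """Holds a device-unique root secret; sealed blobs are useless on another 'chip'."""

    def __init__(self):
        self._root = os.urandom(32)  # stands in for the storage root key hierarchy
        self.pcr = PCR_INIT

    def boot(self, components):
        self.pcr = measure_boot(components)

    def _wrap_key(self, policy: bytes) -> bytes:
        return hmac.new(self._root, policy, hashlib.sha256).digest()

    def seal(self, secret: bytes, policy: bytes) -> bytes:
        """Enrolment: wrap a 32-byte secret under root secret + policy, return ct || tag."""
        if len(secret) != 32:
            raise ValueError("model seals exactly 32-byte secrets")
        wrap = self._wrap_key(policy)
        stream = hashlib.sha256(wrap + b"stream").digest()
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(wrap, ct, hashlib.sha256).digest()
        return ct + tag

    def unseal(self, blob: bytes) -> bytes:
        """Boot time: the policy is recomputed from the *current* PCR, not from the blob."""
        ct, tag = blob[:32], blob[32:]
        wrap = self._wrap_key(policy_pcr(self.pcr))
        expected = hmac.new(wrap, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("PCR policy mismatch: boot chain differs from enrolment")
        stream = hashlib.sha256(wrap + b"stream").digest()
        return bytes(a ^ b for a, b in zip(ct, stream))


def unlock_luks(tpm: FakeTpm, blob: bytes, passphrase_prompt):
    """What the initramfs does: try the TPM first, fall back to the passphrase slot."""
    try:
        return tpm.unseal(blob), "tpm"
    except PermissionError:
        return passphrase_prompt(), "passphrase"


# Constructed boot chains for the demo (hypothetical component names).
GOOD_BOOT = [b"firmware-v1", b"shim-signed", b"grub-signed", b"kernel-6.1"]
TAMPERED_BOOT = [b"firmware-v1", b"shim-signed", b"grub-evil", b"kernel-6.1"]


def demo() -> dict:
    tpm = FakeTpm()
    tpm.boot(GOOD_BOOT)
    volume_key = os.urandom(32)
    blob = tpm.seal(volume_key, policy_pcr(tpm.pcr))  # enrol against today's PCR value

    tpm.boot(GOOD_BOOT)  # normal reboot: same measurements, key released unattended
    good_key, good_how = unlock_luks(tpm, blob, lambda: b"fallback")

    tpm.boot(TAMPERED_BOOT)  # bootloader swapped: PCR differs, TPM refuses, prompt shown
    bad_key, bad_how = unlock_luks(tpm, blob, lambda: b"fallback")

    return {"volume_key": volume_key, "good_key": good_key, "good_method": good_how,
            "tampered_key": bad_key, "tampered_method": bad_how}


if __name__ == "__main__":
    r = demo()
    print("clean boot:", r["good_method"], "| tampered boot:", r["tampered_method"])
```

The practical caveat the model makes visible: whatever you seal against has to change whenever the boot chain changes, so which PCRs you bind to decides how often you land at the passphrase prompt. Binding to PCR 7 (Secure Boot state and the signing certificates used) survives signed kernel and bootloader updates; binding to PCR 4 (the boot manager's own hash) or 0 (firmware) does not, and needs re-enrolment after each such update. That is the same trade-off behind `systemd-cryptenroll --tpm2-pcrs=7` and Clevis's `pcr_ids` setting.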



