linux4noobs

2638 readers

1 users here now

linux4noobs

Noob Friendly, Expert Enabling

Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.

Seeking Support?

Mention your Linux distro and relevant system details.
Describe what you've tried so far.
Share your solution even if you found it yourself.
Do not delete your post. This allows other people to see possible solutions if they have a similar problem.
Properly format any scripts, code, logs, or error messages.
Be mindful to omit any sensitive information such as usernames, passwords, IP addresses, etc.

Community Rules

Keep discussions respectful and amiable. This community is a space where individuals may freely inquire, exchange thoughts, express viewpoints, and extend help without encountering belittlement. We were all a noob at one point. Differing opinions and ideas is a normal part of discourse, but it must remain civil. Offenders will be warned and/or removed.
Posts must be Linux oriented
Spam or affiliate links will not be tolerated.

founded 2 years ago

MODERATORS

PlutoParty@programming.dev

@linux4noobs How to install Fedora on Laptop with FDE via LUKS using TPM. So, It unlocks automatically during boot ? (toot.io)

submitted 2 years ago by Ikel@toot.io to c/linux4noobs@programming.dev

9 comments fedilink hide all child comments

@linux4noobs How to install Fedora on Laptop with FDE via LUKS using TPM. So, It unlocks automatically during boot ?

you are viewing a single comment's thread
view the rest of the comments

[–] d3Xt3r@lemmy.nz 3 points 2 years ago (8 children)

Just install it normally (selecting the LUKS option). Once installed, use systemd-cryptenroll to register your drive to decrypt using the TPM chip.

See this page for more details: https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95

The systemd-cryptenroll man page also has some info that's worth reading as it'll give you a bit of insight on how this works.

[–] Ikel@toot.io 0 points 2 years ago* (last edited 2 years ago) (1 children)

I want to Fully Encrypt. Including /boot. Does LUKS do it or I need to do it separately ?

The Gist says it won't unlock automatically for Kernel updates. Does it mean the linux kernel ?

[–] d3Xt3r@lemmy.nz 1 points 2 years ago

I'd you want to encrypt /boot as well, follow this guide: https://sysguides.com/install-fedora-37-with-luks-full-disk-encryption/#1-2-encrypt-the-boot-partition-with-luks

Yes, the kernel refers to the Linux kernel.

load more comments (6 replies)