this post was submitted on 27 Aug 2023
6 points (80.0% liked)

linux4noobs


@linux4noobs How do I install Fedora on a laptop with FDE via LUKS using the TPM, so it unlocks automatically during boot?

[–] d3Xt3r@lemmy.nz 3 points 2 years ago (8 children)

Just install it normally (selecting the LUKS option). Once installed, use systemd-cryptenroll to register your drive to decrypt using the TPM chip.

See this page for more details: https://gist.github.com/jdoss/777e8b52c8d88eb87467935769c98a95

The systemd-cryptenroll man page also has some info that's worth reading as it'll give you a bit of insight on how this works.

[–] Ikel@toot.io 0 points 2 years ago* (last edited 2 years ago) (1 children)

@d3Xt3r Once it's encrypted, suppose I want to do a BIOS and TPM upgrade. What should I do so I don't break things?

One important thing: the update packages are in the form of .exe.

[–] d3Xt3r@lemmy.nz 2 points 2 years ago* (last edited 2 years ago) (1 children)

There should be no issues doing BIOS/TPM upgrades; the only thing that may happen is that you might be prompted to enter your decryption password again.

Potentially, you may need to update the binding again, so running the sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto [...] command will do the rebinding.

You won't be able to update the BIOS using exes, that only works on Windows. To update the BIOS/TPM in Linux, fwupd is the way to go. Usually this should be integrated into the Gnome Software Center, so you should just use that in the first instance to check for and install any updates.

[–] Ikel@toot.io 0 points 2 years ago* (last edited 2 years ago) (1 children)

@d3Xt3r Thanks. I just checked LVFS. My device is supported and has BIOS updates via fwupd. I recently updated the TPM using the exe. It won't be a problem, I guess, because TPMs aren't updated often.

Is the password for both drives just one?

[–] d3Xt3r@lemmy.nz 1 points 2 years ago (1 children)

You can have multiple passwords for each drive but that complicates things, so it's best to just use the same password for both drives (each time you enroll a drive with systemd-cryptenroll, it'll prompt for a password).

[–] Ikel@toot.io 0 points 2 years ago (1 children)

@d3Xt3r I am ready to use different passwords for different drives. It is just entering the password twice when rebinding, right?

Are there things more complicated than that?

[–] d3Xt3r@lemmy.nz 1 points 2 years ago

I haven't used multiple passwords so can't say for sure, but it should still work the same, in theory.
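
The rebinding step discussed in this thread, as an added example that is not part of any comment above: a shell check that reads the slot listing printed by `systemd-cryptenroll <device>` and prints the re-enroll command only when a password or recovery slot remains as a fallback. The device names and sample listings are constructed placeholders, and the SLOT/TYPE table layout is assumed from current systemd releases.

```shell
#!/bin/sh
# Added example (not from the thread): gate a TPM2 rebind on the presence of
# a fallback slot, one LUKS2 device at a time.

# slot_types: read a `systemd-cryptenroll <device>` listing on stdin and
# print the TYPE column, one entry per enrolled slot (header is skipped).
slot_types() {
    awk '$1 ~ /^[0-9]+$/ { print $2 }'
}

# has_type LISTING REGEX: succeed if any slot type matches REGEX exactly.
has_type() {
    printf '%s\n' "$1" | slot_types | grep -Eqx "$2"
}

# rebind_command DEVICE LISTING: print the command to run for DEVICE.
# Returns 1 and prints a refusal when the volume has no password or
# recovery slot, because a PCR change after a firmware update would then
# leave nothing to unlock it with.
rebind_command() {
    if ! has_type "$2" 'password|recovery'; then
        echo "REFUSE $1: no password or recovery slot to fall back on"
        return 1
    fi
    if has_type "$2" 'tpm2'; then
        # Existing binding: replace it, as in the command quoted in the thread.
        echo "systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto $1"
    else
        # No TPM2 slot yet: plain first-time enrollment.
        echo "systemd-cryptenroll --tpm2-device auto $1"
    fi
}

# Constructed sample listings for two drives (not captured from a real
# system). On a real machine: listing=$(sudo systemd-cryptenroll "$dev")
ROOT_LISTING='SLOT TYPE
   0 password
   1 tpm2'
DATA_LISTING='SLOT TYPE
   0 tpm2'

# /dev/EXAMPLE-* are placeholder device paths.
rebind_command /dev/EXAMPLE-root "$ROOT_LISTING" || true
rebind_command /dev/EXAMPLE-data "$DATA_LISTING" || true
```

Running the check on each drive before a BIOS or TPM update shows which volumes would still accept a typed password if the TPM refuses to unseal afterwards.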
