this post was submitted on 19 Jul 2025
51 points (100.0% liked)

Linux

8983 readers
838 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
51
Protecting against rogue devices with Full Disk Encryption and TPM (news.opensuse.org)
submitted 4 weeks ago by cm0002@programming.dev to c/linux@programming.dev
6 comments fedilink hide all child comments
top 6 comments
sorted by: hot top controversial new old
[–] uawarebrah@sh.itjust.works 7 points 4 weeks ago

Linux still needs some work in this space, we need full verified boot and ways to protect the boot partition against evil maid attacks. This is one major reason I haven’t been able to fully switch to Linux.

[–] thann@lemmy.dbzer0.com 6 points 4 weeks ago (1 children)

UEFI is the problem, we need coreboot!

[–] possiblylinux127@lemmy.zip 3 points 4 weeks ago

Tianocore is the foss implementation

[–] possiblylinux127@lemmy.zip 2 points 4 weeks ago

Interesting

Secure boot is very hard to get right. At Tue moment I would be hesitant to rely on it solely.

[–] bjoern_tantau@swg-empire.de 1 points 4 weeks ago (1 children)

Can someone ELI5? Do I have to do something when I just use FDE with a passphrase?

[–] possiblylinux127@lemmy.zip 3 points 4 weeks ago

You can use TPM2 on Linux but it can have some bad security consequences if done incorrectly.