privacyguides / privacyguides.org

Protect your data against global mass surveillance programs.
https://www.privacyguides.org
Creative Commons Attribution Share Alike 4.0 International

Utilization of TPM with PIN `systemd-cryptenroll` #1855

Open dngray opened 2 years ago

dngray commented 2 years ago

Description

URL of affected page: https://www.privacyguides.org/linux-desktop/hardening/

One of the recommendations we'll be making to the Windows section is the use of the TPM PIN (https://github.com/privacyguides/privacyguides.org/issues/166#issuecomment-1119683164).

As of systemd-cryptenroll 251 (https://github.com/systemd/systemd/pull/22563), it's possible to use the `--with-pin` option.

I've tested this on both Silverblue and Arch Linux and it works well. I have a draft guide I wrote for myself which I should submit to the site.

dngray commented 3 months ago

With this, I really want to wait until you have UKIs in Fedora (https://fedoraproject.org/wiki/Changes/Unified_Kernel_Support_Phase_2) and ideally sbctl in the main Fedora repositories.