On Monday, 31 July 2023 01:59:09 +08 Martin Winter wrote:
What is the actual use case for that? I'm encrypting my disk to protect it in case the notebook gets stolen or otherwise lost. When it is auto-unlocked, everybody with access to my computer can read the data.
Or am I missing something? Is there another protection mechanism before the disk is unlocked?
I help run a few community servers for our local makerspace here, and auto-unlocking of encrypted drives using TPM 2.0 would allow me to remotely manage an encrypted filesystem setup, since the normal procedure would be for me to ask someone on the other side of the island to help key in the passphrase every time I need to reboot the server. Although it makes it slightly less secure versus in-person unlocking, any thieves interested in the data would need to steal the entire server rack, which is quite a noticeable activity.