Hi Thorsten 😀 Am Mittwoch, 22. Dezember 2021, 08:08:44 CET schrieb Thorsten Kukuk:
The work on this started because there are many requests to protect systems much better against attacts on Edge devices, but are in general usefull. Maybe not for everybody using a TPM device, but a fido2 stick instead, but in the end most of the stack is in both cases identical. If I would travel with my notebook and want to protect my personal data in the case my notebook get lost or stolen, I would not use the TPM solution but the fido2 stick.
Still looking for a perfect and simple Solution to save my local data. In the moment I've implemented the encryption from Tumbleweed installation and improved it according Fabians proposal: https://en.opensuse.org/SDB:Encrypted_root_file_system#Avoiding_to_type_the_... Due to the fact, that I have 2 brand new Nitrokey 3 (with one USB-C and one with USB_A) for my wive and me: https://www.nitrokey.com/news/2021/new-nitrokey-3-nfc-usb-c-rust-common-crit... I look on a solution which simply boots based on the used key in the Linux wich only requires the login password in Additon. Later on in best case also the kwallet and other wallets e.g. from GnuPG (Kleopatra, ..), Firefox and so on. For sure this is according my knowledge today not fully possible and also there is no automatic way. But step by step with some good manuals it will be greate. After participating Florians explanation TPM2 can only be an additional protection: https://www.youtube.com/watch?v=C58WLY7FvYk Regards Ulf