On Sunday 2023-07-30 19:59, Martin Winter wrote:
Gary Lin wrote:
Hi, I'm pleased to introduce a new feature for openSUSE Tumbleweed: disk auto-unlocking with TPM 2.0. In short, it boots the encrypted root without asking for a passphrase.
What is the actual use case for that? I'm encrypting my disk to protect it in case the notebook gets stolen or otherwise lost. When it is auto-unlocked, everybody with access to my computer can read the data.
Or am I missing something? Is there another protection mechanism before the disk is unlocked?
One benevolent interpretation of the outrageous proposal is that there is a password to be entered at firmware initialization time to unlock a keystore in the TPM. But I would not trust any horses to firmware as long as it ain't fully open and libre software.
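To make the question in the thread concrete, here is an added illustration (not code from openSUSE, systemd or any poster) of the mechanism TPM 2.0 disk unlocking normally relies on: the volume key is sealed to a policy over Platform Configuration Register (PCR) values, and the TPM releases it only if the measured boot chain reproduces those values. Everything below is a pure software simulation of the extend/seal/unseal steps with SHA-256; the component names and the key are constructed sample data, and the assumption that the Tumbleweed feature seals to PCR measurements is mine, not stated in the thread.

```python
import hashlib
from typing import Optional

PCR_SIZE = 32  # SHA-256 bank


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new_PCR = H(old_PCR || H(component)).

    The order of components matters, so the final PCR value is a compact
    fingerprint of the whole boot chain, not of any single file.
    """
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Simulate firmware measuring each boot component into one PCR."""
    pcr = bytes(PCR_SIZE)  # PCRs start out all-zero at power-on
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def seal(volume_key: bytes, expected_pcr: bytes) -> dict:
    """Simulated sealed blob: the key plus the PCR policy it is bound to."""
    return {"key": volume_key, "policy_pcr": expected_pcr}


def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Release the key only when the current PCR matches the sealing policy.

    Returns None when the policy check fails; a real system would then fall
    back to asking for the LUKS passphrase.
    """
    if current_pcr == blob["policy_pcr"]:
        return blob["key"]
    return None


# Constructed sample boot chains (names are illustrative, not real hashes).
GOOD_CHAIN = [b"firmware-1.0", b"shim-15.7", b"grub-2.06", b"kernel-6.4"]
# Same chain with a modified bootloader, as an evil-maid style change would produce.
TAMPERED_CHAIN = [b"firmware-1.0", b"shim-15.7", b"grub-modified", b"kernel-6.4"]


def demo() -> dict:
    """Enroll against the good chain, then attempt unlock in two boot states."""
    volume_key = bytes.fromhex("00" * 31 + "2a")  # constructed 32-byte key
    blob = seal(volume_key, measure_boot_chain(GOOD_CHAIN))
    return {
        # unmodified boot: key released with no passphrase, whoever pressed power
        "good_boot_unlocks": unseal(blob, measure_boot_chain(GOOD_CHAIN)) == volume_key,
        # altered bootloader: PCR differs, TPM withholds the key
        "tampered_boot_unlocks": unseal(blob, measure_boot_chain(TAMPERED_CHAIN)) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The two results show both sides of the concern raised above: binding to measurements stops an attacker who changes the boot chain from getting the key, but an untouched machine unlocks for anyone who powers it on, so the data is then guarded only by the login screen and the OS's access control rather than by the passphrase.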