Hi,

Some months ago we announced the support of systemd-boot in MicroOS and
in Tumbleweed, using a new tool named sdbootutil, that help us to
synchronize the boot loader entries with available snapshots in the
system.

Today we announce that we supporting the full disk encryption (FDE)
tools that systemd bring us via systemd-cryptenroll or cryptsetup. We
extended the pcr-oracle to support new PCRs and the generation of
authorized policies in JSON format for systemd

With this we also propose a new architecture in the distribution that
allows the enrollment of the TPM2 (with full measured boot attestation)
and the FIDO2 key, using the already available systemd user tools.

The MicroOS image[0] was also extended to show all this nice features
working together.

The long (sorry, maybe too long) explanation is in the news-o-o blog
post[1], and the technical details are in the openSUSE Systemd-fde wiki
page[2].

Feedback is more than welcome!

... also happy holidays, end of the year and beginning of 2024!

[0]
http://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-kvm-and-xen-sdboot.qcow2
[1] https://news.opensuse.org/2023/12/20/systemd-fde/
[2] https://en.opensuse.org/Systemd-fde