On Tue, Apr 18, 2023 at 4:13 PM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
leap 15.4, full disk encryption (FDE), luks I suppose. I am not an expert (TM). reading this recent article: <https://mjg59.dreamwidth.org/66429.html> comes up with the question if ones distro supports stuff beyond PBKDF2, e.g. argon2id If you are concerned, use separate /boot and encrypt / the way you like. Or use TPM to avoid this problem to start with.
wow cool thanks for the reply but this didnt help a bit? i use the stuff that simple opensuse 15.4 installer gave me. all on a single nvme with some uefi active laptop big brand. secureboot is activated but this laptop also boots with secureboot disabled. but uefi only no classic bios. now what? where does tpm come into play here and how does this help according to the article of shortcoming or weak pbkdf2 algo? they strongly advise for that argon stuff. lsblk doesnt show separate boot i guess. it all went into one giant / partition. but this didnt answer the question if leap 15.4 and the infrastructure already? uses? can use? this argon2id? ty