Authenticated Boot and Disk Encryption on Linux (2021)
Posts and writings by Lennart Poettering
Encrypted credentials are great for safely storing SSL private keys and similar on your system, but they also come in handy for parameterizing initrds: an encrypted credential is just a file that can only be decoded if the right TPM is around with the right PCR values set.

That's good not only for performance, but also has practical benefits: it allows extracting the encrypted volumes of the various users in case the TPM key is lost, as a way to recover data from dead laptops or similar.

Frankly, it feels as if so far the design approach for all this was the other way round: trying to make the new stuff work like the old rather than the old like the new (I mean, to me it appears this thinking is the main raison d'être for the GRUB boot loader).
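The PCR binding mentioned above is easiest to see by reproducing the TPM's own arithmetic. What follows is an added example, not code from this post or from systemd: a Python model, using only hashlib, of how a TPM extends a PCR and how a TPM2_PolicyPCR session digest (the value a sealed object is tied to) is computed. The event payloads are constructed stand-ins for what UEFI firmware measures into PCR 7 (the Secure Boot policy PCR), and the PCR selection, the command code constant and the zero starting values follow the TPM 2.0 specification as I know it; nothing here talks to a TPM or decrypts a credential. It only shows that a credential sealed against one boot state fails the policy check once a single measured event differs.

```python
from __future__ import annotations
import hashlib

TPM_CC_POLICY_PCR = 0x0000017F  # TPM 2.0 command code for TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B         # hash algorithm id used in the PCR selection


def extend_pcr(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR_new = H(PCR_old || H(event)); order of events matters."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def pcr_after_boot(events: list[bytes]) -> bytes:
    """Replay a boot's measurement log into a single PCR (PCRs 0-15 reset to all zeros)."""
    pcr = bytes(32)
    for event in events:
        pcr = extend_pcr(pcr, event)
    return pcr


def pcr_selection(pcrs: list[int]) -> bytes:
    """Marshal a TPML_PCR_SELECTION with one SHA-256 TPMS_PCR_SELECTION (3-byte bitmask)."""
    mask = bytearray(3)
    for p in pcrs:
        mask[p // 8] |= 1 << (p % 8)
    return (1).to_bytes(4, "big") + TPM_ALG_SHA256.to_bytes(2, "big") + bytes([3]) + bytes(mask)


def policy_pcr_digest(pcr_values: dict[int, bytes]) -> bytes:
    """TPM2_PolicyPCR on a fresh session:
    policy_new = H(policy_old || TPM_CC_PolicyPCR || pcrSelection || H(selected PCR values))
    policy_old is all zeros for a freshly started policy session."""
    selected = sorted(pcr_values)
    pcr_digest = hashlib.sha256(b"".join(pcr_values[p] for p in selected)).digest()
    policy_old = bytes(32)
    return hashlib.sha256(
        policy_old
        + TPM_CC_POLICY_PCR.to_bytes(4, "big")
        + pcr_selection(selected)
        + pcr_digest
    ).digest()


def can_unseal(sealed_policy: bytes, current_pcrs: dict[int, bytes]) -> bool:
    """The TPM releases a sealed secret only if the session's policy digest equals the
    authPolicy stored with the object; this is the comparison it performs."""
    return policy_pcr_digest(current_pcrs) == sealed_policy


def demo() -> tuple[bool, bool]:
    """Seal against one boot state, then check the same state and a tampered one.
    Event strings are constructed placeholders for the real PCR 7 events
    (Secure Boot enable flag, PK, KEK, db, dbx)."""
    good_boot = [b"SecureBoot=1", b"PK=<owner key>", b"KEK=<vendor key>",
                 b"db=<allowed signers>", b"dbx=<revoked signers>"]
    # Same firmware, but Secure Boot switched off: the first event differs,
    # so PCR 7 ends up with a different value after the same number of extends.
    tampered_boot = [b"SecureBoot=0"] + good_boot[1:]

    sealed = policy_pcr_digest({7: pcr_after_boot(good_boot)})  # stored at encrypt time
    same_state_ok = can_unseal(sealed, {7: pcr_after_boot(good_boot)})
    tampered_state_ok = can_unseal(sealed, {7: pcr_after_boot(tampered_boot)})
    return same_state_ok, tampered_state_ok


if __name__ == "__main__":
    print(demo())
```

Two details carry over to the real thing: the comparison is done inside the TPM against the policy stored with the sealed object, not by the caller, and because PCR extension is a hash chain the mismatch is just as total for a reordered or extra event as for a changed one. The encrypted credential file itself is untouched either way; what changes is whether this TPM will hand back the key.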