Alberto Planas Dominguez: Current state of Full Disk Encryption in openSUSE

  • Published on 29 Sep 2024
  • In other talks we presented our plan for FDE in openSUSE, with a special focus on MicroOS and Tumbleweed. The proposed architecture uses systemd to enroll security devices (like a TPM2 or a FIDO2 key) in user space, and configures the system so that the initrd is the one that unlocks the device. This architecture is different from the current ALP model, which uses GRUB2 to unlock the device from the boot loader, before the kernel is even loaded. In this talk we will present the current implementation announced in December 2024, which uses signed policies for a TPM2 installation, and the ongoing adaptation to TPM2 policies stored in an NVRAM slot, using the new systemd-pcrlock tool.
