• I_Miss_Daniel@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    2
    ·
    10 hours ago

    Fedora 41 is now the ‘wait 45 seconds every boot because you don’t have a tpm chip’ version.

    • richardisaguy@lemmy.world
      link
      fedilink
      arrow-up
      18
      ·
      9 hours ago

      Can i get some context please? My fedora install wasn’t using TPM, i had to manually configure it; i haven’t noticed any difference in boot speed with or without TPM encryption

        • richardisaguy@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          4 hours ago

          I want to have data-at-rest encryption, so that the only password i need to insert is my user one, this allows me to not have to type passwords multiple times. If i had the regular encryption password i would have to enable autologin in SDDM, which would do away with the encryption on kdewallet and all my credentials.

          Plus i also enable secureboot, and use fedora kinoite, so that i is hard to tamper with my boot stuff without my TPM wiping itself off my encryption password, this gives me a very Bitlocker-like setup, but without the shittiness of having my encryption keys linked to microsoft’s terrible encryption system and user accounts, i can actually control my stuff like this. For a laptop, i must say data-at-rest encryption is a must!

          This setup gives me multiple security layers; took my laptop off me -> booted my laptop, faced with user password -> tried to boot another OS, TPM wiped itself, no more encryption key -> computer now asks for encryption password, has to find a way around LVM2 encryption -> LVM2 encryption (somehow) defeated they must now crack my user password, or have to (try) to decrypt my credentials on the file system itself; after all these convoluted and extremely hard steps i think we can agree this person really deserves to have access to my cool wallpapers