
#1 2024-04-30 02:44:08

Retr0r0cket
Member
From: Sol III
Registered: 2021-11-24
Posts: 18

Possibility of TPM Holding SED Key For Samsung 970 Evo

I'm about to reinstall Arch, and I was thinking of using SED instead of software FDE, but I want to have it work with a TPM so I don't have to enter the password each time. Does anybody know if that's possible or not? I would think not, but I want to make sure.


#2 2024-04-30 08:21:25

impossibleveins23
Member
From: Israel
Registered: 2022-06-18
Posts: 94

Re: Possibility of TPM Holding SED Key For Samsung 970 Evo

This is my setup. You install the PBA image, which boots first and unlocks the drive when you enter the password, then it reboots to the regular boot manager.
Setting this up was a bit of a PITA, though, but no problems since, and IO performance is higher than with LUKS.

Bear in mind there are a few versions of the PBA out there; the notable ones are the official one, which uses SHA-1 for password hashes, and this and this, which use SHA-512 and have other fixes regarding the boot.

I ended up with sedutil-ladar because the official PBA got stuck on boot.


#3 2024-04-30 08:37:21

impossibleveins23
Member
From: Israel
Registered: 2022-06-18
Posts: 94

Re: Possibility of TPM Holding SED Key For Samsung 970 Evo

Sorry, I read your comment backwards with the TPM.
Please ignore, but I'll leave it here if anyone needs this info...

Last edited by impossibleveins23 (2024-04-30 08:37:43)


#4 2024-04-30 12:32:35

progandy
Member
Registered: 2012-05-17
Posts: 5,211

Re: Possibility of TPM Holding SED Key For Samsung 970 Evo

It might be possible if you encrypt individual partitions:
https://github.com/systemd/systemd/issu … 1681980103
https://lore.kernel.org/all/cd409f6c-5d … ail.com/T/

Last edited by progandy (2024-04-30 12:37:38)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

