Rogue disk plugged into your #Linux? #openSUSE’s advanced #FDE setup uses #TPM PCRs to detect fake rootfs and halt booting. Bonus: automatic policy updates after updates. #SecureBoot https://news.opensuse.org/2025/07/18/fde-rogue-devices/
#FDE
Boot-time trust, #TPM2 sealing, and stopping fake rootfs attacks; #openSUSE’s new Full Disk Encryption defenses are wild. Read the #tech deep-dive. #infosec #openSUSE #TPM2, #PCR #FDE #sysadmins #security #opensource https://news.opensuse.org/2025/07/18/fde-rogue-devices/
If you use #LUKS for #FDE and have fast disks, you should read my last blog post.
The default settings cut the performance 90% vs unencrypted in synthetic testing. Real world would probably not be as bad but still, with some quick settings we got it back up to 50%, which probably means 90% in real world.
This was for a big RAID10 array with 10 really fast NVME disks, I have not looked at if this happens also on single disks. Defaults might also have changed since I did the testing early last year.
https://blog.nyman.re/2025/08/18/luks-on-nvme-from-gibs.html
It's a really long #blaugust2025 post to make up for the recent micro blogging :-)
Наиболее весёлое из полнодискового шифрования через #LUKS? Что на многих ноутбуках используются AT-клавиатуры и ввести пароль для доступа к диску можно лишь при наличии активного atkbd модуля в образе initramfs.
Или же подключив usb-клавиатуру, если слетело что-то в системе из-за обновлений и некорректно собрался initramfs.
Т.е. на десктопах с этим проще, а вот на ноутах народ часто забывает о такой вещи. И не важно с каким загрузчиком EFI-шным — systemd-boot или же GRUB.
На некоторых ноутах приходится ещё и atkbd.reset=1 использовать, из-за определённых заморочек\багов в EFI\UEFI от производителя материнской платы.
Поскольку могут возникать проблемы, когда при перезагрузке ноутбука клавиатура просто не работает. И надо его тупо выключить и подождать секунд 30 если работает с батареи или же пару минут, если работает от сети. Только после этого получится будет работать клавиатура при запросе пароля для доступа к шифрованным разделам NVMe/SSD/HDD.
Например, было такое лично у меня на выданном Asus ZenBook в районе 2022-2023 годов.
А так, в целом, за последние пять лет #LUKSv2 лишь радовал, если понимаешь что нужно и делаешь изначально всё c #Argon2 и потому приходится разобраться с тем, каким должен быть initramfs и загрузчик в системе.
#linux #crypto #fde #криптография
How secure is your Full Disk Encryption? #openSUSE digs deep into mitigating rogue device attacks using #TPM2, #PCR extensions, and custom #initrd validation. A must-read #FDE for #sysadmins & #security pros. #opensource https://news.opensuse.org/2025/07/18/fde-rogue-devices/
Ubuntu 25.10 To Feature Experimental TPM-Backed Full Disk Encryption (FDE) #ubuntu25_10 #TPM #FDE #QuestingQuokka #Security #FullDiskEncryption #TrustedPlatformModule #Linux #Opensource
https://ostechnix.com/ubuntu-25-10-tpm-backed-full-disk-encryption-fde/
Ubuntu 25.10 will be the first version to feature experimental TPM/FDE!
#Ubuntu #Linux #UbuntuLinux #Computers #Laptops #TechNews #TechUpdates #TPM #FDE #Encryption #Security #Cybersecurity
https://officialaptivi.wordpress.com/2025/07/28/ubuntu-25-10s-tpm-based-encryption-is-experimental/
Think your encrypted #Linux drive is safe? Think again. Dive into how #openSUSE tackles rogue device attacks with #TPM-backed Full Disk Encryption. #FDE. #Security #opensource https://news.opensuse.org/2025/07/18/fde-rogue-devices/
What's next for #openSUSE Tumbleweed and #MicroOS? Catch this #oSC25 talk covering the latest work from the Future Technology team to include #FDE with TPM/Fido2, YaST2 improvements & more. See how security & flexibility are being taken to the next level! https://youtu.be/MPMrlUj1sVA?si=bMjxsJtyIOEyqzgb
🔗 Expand your faith network, & connect with other Christian entrepreneurs through the Faith Driven Entrepreneur Study. 📝 🎓
It's completely FREE! 👉 Join me at https://www.ianmayer.com/fde #FaithDriven #FDE
What’s next for #Tumbleweed & #MicroOS? From #FDE to #TPM and more. Join us at this year's #openSUSE Conference. #Endof10 https://events.opensuse.org/
OpenBSD users, can you tell me your experience of full-disk encryption on a SSD?
Is the encryption overhead noticiable compared to plain SSD? Or is it as slow as HDD?
How often have you lost files due to a poweroff letting your partition on an inconsistent state?
#SteamDeck folks ... who has switched from #steamos to something like #bazzite so you can enable full disk encryption #fde ??
I cannot use this as a laptop replacement without #encryption and it doesn't seem to be a priority for Valve.
I was thinking of buying a new-to-me #Thinkpad next month, but I think what I'll do instead is try to spruce up my #PinebookPro:
- Get new rubber feet
- Get a bigger SSD
- Install #pmOS and finally have #FDE on the thing
- Put some proper locktite on the screws so it's not falling apart all the time
I need to look up some videos on applying threadlocker to screws. It's much looser stuff than the typical locktite and it tends to make a mess.
I'm debating just dribbling locktite (regular CA) on top of the screws as well to try to make them a little more permanent. Not a great solution, but the thing just loves to fall apart.
It's always best to try to #reuse! <3
Thinking of trying #postmarketOS on my #PinebookPro.
I didn't even know you could run it as a desktop OS.
Supposedly the installer supports #FullDiskEncryption, which is... "poggers," I think the kids say.
🔗 Expand your faith network, & connect with other Christian entrepreneurs through the Faith Driven Entrepreneur Study. 📝 🎓
It's completely FREE! 👉 Join me at https://www.ianmayer.com/fde #FaithDriven #FDE
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst