Helpful article on the risk of bypassing disk encryption on systems with automatic TPM2 unlock

https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock

#TPM #TPM2

@sesivany yeah, it is lacking. But hardware tokens like Yubikey are still somehow supported. Much worse is support of key protected by #TPM2 chip. That is like non-existent on #Linux. Even though every Red Hatter has laptop with it's support. Why do you need token, when your device has secure storage built-in?

Say goodbye to complex #boot #configs. #Tumbleweed’s new default, #GRUB2-BLS, means no config generation, easier encryption with #systemd tools, and a streamlined #EFI setup. Full-disk encryption with #TPM2? Now just a few clicks. #openSUSE https://news.opensuse.org/2025/11/13/tw-grub2-bls/

#Tumbleweed now defaults to #GRUB2-BLS! This modern boot setup brings easier integration for features like full disk encryption #FDE, #TPM2/#FIDO2 support, and faster updates. Clean, simple #boot entries. https://news.opensuse.org/2025/11/13/tw-grub2-bls/

Today I enabled #secureboot and it took me 2 hours. It created an endless boot loop that rebooted before the bios was available. Had to flash my bios to get it working again. Now everything works. Secure boot and #TPM2

After that I installed a #linux distro (#ubuntu ) with support for secure boot.

Now I can keep using Linux as my daily driver and boot into windows to play a round of #battlefield6 with my buddy. And I can cancel geforce now (only used it for a couple of days).

Unlock #LUKS encrypted /boot inside #GRUB using #TPM2 to get unattended booting, is it possible?

#Linux #ArchLinux #DMCrypt

How to Enable TPM 2.0 on Windows 10 PC

Keep your PC secure and game-ready! Our easy, step-by-step guide shows you how to enable TPM 2.0 without the stress. Protect your system and enjoy smoother gaming today.

#Izoate #Windows #Technology #Game #TPM2 #Windows10 #PCGaming

https://www.izoate.com/blog/how-to-enable-tpm-2-0-on-windows-10-pc-quick-guide-to-activate-tpm-for-gaming-and-security/

Estoy empezando a dudar si seguir con #Aeon, ya que ciertos aspectos del sistema me resultan tan retorcidos como opacos.

Los aspectos a los que me refiero no están relacionados con el sistema operativo en sí, sino con #SecureBoot, #TPM y #UEFI. En serio, que vuelva legacy #BIOS, porque esto es una completa locura.

Es básicamente seguridad basada en oscuridad.

#openSUSE #TPM2

Windows 10 in Europa: supporto gratuito esteso di un anno
#Aggiornamenti #Europa #Italia #Laptop #Microsoft #Novità #PC #SEE #SistemaOperativo #TechNews #Tecnologia #TPM2 #UE #Update #Windows10 #Windows11

https://www.ceotech.it/windows-10-in-europa-supporto-gratuito-esteso-di-un-anno/

Full Disk Encryption just got smarter. #openSUSE’s systemd-based #sdbootutil now supports unlocking with certificates, #TPM2 (plus PIN!), or #FIDO2 key (with tamper-aware #boot integrity). https://news.opensuse.org/2025/07/18/fde-rogue-devices/

Tak jsem konečně upravil šifrování disků na svých počítačích.
Do teď jsem zamykal heslo root file systému do #tpm2 vlastním scriptem popsaným zde:
https://skorpil.cz/en/project/42/mkinitcpio-tpm2-encrypt

To řešení je už 5 let staré a překonané. Ale stále funkční. Dneska už to umí #systemd nativně. Porušil jsem pravidlo "nešťourej do něčeho co funguje" a přenastavil jsem šifrování na všech počítačích. Dneska je to fakt super pohodlné nastavení.

Nechcete nějakou minipřednášku o šifrování disků pomocí TPM2 na #LinuxDays ? Zaměřeno na #Arch, jiné distribuce tolik vyzkoušené nemám. Ona jedna přednáška byla už na tom loňském, tak nevím jestli je to potřeba. 🤷

DICE und EA haben die offiziellen #Hardware-#Anforderungen für #Battlefield6 veröffentlicht. Mindestens eine RTX 2060 und 16 GB RAM werden benötigt. Interessant: #TPM2.0 ist Pflicht, eine #SSD hingegen nicht. https://winfuture.de/news,153266.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

Ein neuer Alternate-PC hat Einzug gehalten. Um mit #TPM2 #LUKS verschlüsselte Festplatten automatisch zu entschlüsseln, ohne Passwort-Anfrage mit einer noch besseren Grafikkarte dabei. Die vom Debian Paketsystem noch nicht unterstützt wird.
Lernkurve: Secure Boot, Nvidia Open Modules kompilieren und signieren um die GrKa auszureizen. Dann wie man das automatische Entschlüsseln durchführt und wie das Gerät in /etc/fstab angegeben wird.
3,5 Tage neuer Spaß. Schön.
Erfolg!
:blobcatsunglasses:

Worried about rogue devices compromising your encrypted #Linux system? Discover how #openSUSE combines #TPM2, #FIDO2, and measured boot to fortify #FDE installation. https://news.opensuse.org/2025/07/18/fde-rogue-devices/

Boot-time trust, #TPM2 sealing, and stopping fake rootfs attacks; #openSUSE’s new Full Disk Encryption defenses are wild. Read the #tech deep-dive. #infosec #openSUSE #TPM2, #PCR #FDE #sysadmins #security #opensource https://news.opensuse.org/2025/07/18/fde-rogue-devices/

How to Enable TPM 2.0 on Windows 11

Upgrade to Windows 11 without errors! ✅ Learn how to check, enable, and verify TPM 2.0 in BIOS/UEFI, activate Secure Boot, and prepare your PC for a smooth, secure installation today.

#Izoate #technology #howto #windows #Windows11 #TPM2

https://www.izoate.com/blog/how-to-enable-tpm-2-0-windows-11-step-by-step-guide-to-turn-on-tpm-2-0-and-secure-your-pc-for-windows-11-upgrade/

Call of Duty: Black Ops 7 PC’de oynamak isteyenlerin TPM 2.0 ve Secure Boot’u etkinleştirmesi gerekecek. Detaylar haberimizde.
#CallofDuty #BlackOps7 #Güvenlik #TPM2 #SecureBoot

https://www.teknoblog.com/call-of-duty-black-ops-7-guvenlik-sartlari-aciklandi/?utm_source=mastodon&utm_medium=jetpack_social

How secure is your Full Disk Encryption? #openSUSE digs deep into mitigating rogue device attacks using #TPM2, #PCR extensions, and custom #initrd validation. A must-read #FDE for #sysadmins & #security pros. #opensource https://news.opensuse.org/2025/07/18/fde-rogue-devices/

Ubuntu 25.10 mit Verschlüsselung per TPM
https://linuxnews.de/ubuntu-25-10-mit-verschluesselung-per-tpm/ #ubuntu #canonical #tpm2 #verschlusselung #encryption