This guide does a good job of discussing Secure Boot, but what I've always been curious about is the feasibility of enrolling my LUKS key in the TPM in order to roll my own BitLocker. I've seen a few guides on this, but I'm hesitant to mess around with my encryption key on my everyday systems. Has anyone successfully done this along with Secure Boot, and if so, can they point me to the guide they used?
If you want LUKS encryption with signed policies to prevent brittle PCRs, rollback prevention with monotonic counters, and a user PIN to prevent dictionary attacks, plus TPM-sealed TOTP to attest to the state of the firmware: https://safeboot.dev/
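As an added example (not from either commenter and not safeboot's own tooling), the plainer route the question asks about: binding a LUKS2 volume to the TPM with systemd-cryptenroll, sealed to the Secure Boot state in PCR 7 and gated by a PIN so the TPM's dictionary-attack lockout applies. It assumes systemd 251 or newer with TPM2 support, a TPM 2.0 device, and a LUKS2 volume that already has a passphrase slot to keep as the recovery path.

```shell
#!/bin/sh
# Added example: enrol a LUKS2 volume in the TPM with systemd-cryptenroll,
# bound to Secure Boot state (PCR 7) and protected by a PIN.
# Assumptions: systemd >= 251 built with TPM2 support, a TPM 2.0 device, and
# an existing passphrase key slot that is kept as the recovery path.
set -eu

# Map readable PCR names to the index list systemd-cryptenroll expects.
# PCR 7 changes when Secure Boot policy (PK/KEK/db/dbx) or its enforcement
# changes, so disabling Secure Boot or swapping the db stops the unseal.
pcr_selection() {
  sel=""
  for name in "$@"; do
    case "$name" in
      firmware)    idx=0 ;;  # firmware code measurements
      secure-boot) idx=7 ;;  # Secure Boot state and certificates
      *) echo "unknown PCR name: $name" >&2; return 1 ;;
    esac
    sel="${sel:+$sel+}$idx"
  done
  printf '%s\n' "$sel"
}

# Print the exact enrollment command so it can be reviewed before touching a disk.
enroll_cmd() {
  dev="$1"; pcrs="$2"
  printf 'systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=%s --tpm2-with-pin=yes %s\n' "$pcrs" "$dev"
}

# Perform the enrollment (prompts for the existing passphrase and the new PIN),
# then show the systemd-tpm2 token written into the LUKS2 header.
enroll_luks_tpm2() {
  dev="$1"; pcrs="$2"
  systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs="$pcrs" --tpm2-with-pin=yes "$dev"
  cryptsetup luksDump "$dev" | grep -A3 'systemd-tpm2'
  # Placeholder UUID: substitute the real LUKS UUID from `cryptsetup luksUUID "$dev"`.
  echo "crypttab line: cryptroot UUID=<luks-uuid> none tpm2-device=auto,discard"
}

# Only touch hardware when a device path is given; otherwise just show the command.
if [ "${1:-}" ]; then
  enroll_luks_tpm2 "$1" "$(pcr_selection secure-boot)"
else
  enroll_cmd /dev/CHANGEME "$(pcr_selection secure-boot)"
fi
```

If the firmware or Secure Boot database is updated, PCR 7 no longer matches and the TPM slot stops unlocking; that is when the retained passphrase slot is used, after which the TPM slot is re-enrolled with `--wipe-slot=tpm2` followed by a fresh enrollment.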