On 15.03.2020 23:12, Marius Schwarz wrote:
> I knew someone would bring this up: TPM does not protect your drive,
> as you could boot with "init=/bin/bash 1"

You should enable UEFI Secure Boot, create your CA, install systemd-boot and sign it with your CA. TPM 2.0 protects the full boot chain using PCR-7. No one can start the system from a USB stick and unlock your LUKS protection.

-- 
Sincerely,
 Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx)
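Added example, not part of the original message and not systemd or firmware code: a simplified Python model of why a LUKS key sealed to PCR 7 is not released when the machine is started another way. The event encoding, the seal/unseal helpers and all sample values are constructed assumptions; a real TPM evaluates a policy digest over the TCG event log.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR starts as 32 zero bytes at reset

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def pcr7_after_boot(secure_boot: bool, db: list, signer) -> bytes:
    """Replay a simplified PCR 7 event log (constructed encoding, not the TCG format)."""
    events = [b"SecureBoot=" + (b"1" if secure_boot else b"0")]
    events += [b"db:" + cert for cert in db]      # enrolled signature database
    events.append(b"separator")
    if secure_boot:
        if signer not in db:
            raise PermissionError("firmware refuses to run an unverified loader")
        events.append(b"authority:" + signer)     # cert that verified the loader
    pcr = PCR_INIT
    for event in events:
        pcr = extend(pcr, event)
    return pcr

def seal(secret: bytes, expected_pcr7: bytes) -> dict:
    """Toy stand-in for a TPM object whose policy names one PCR 7 value."""
    return {"policy": expected_pcr7, "secret": secret}

def unseal(blob: dict, current_pcr7: bytes):
    """Release the secret only if the current PCR 7 matches the sealed policy."""
    ok = hmac.compare_digest(blob["policy"], current_pcr7)
    return blob["secret"] if ok else None

OWN_CA = b"constructed-own-ca-cert"        # sample value, stands in for your CA
OTHER_CA = b"constructed-other-ca-cert"    # sample value, key on the USB stick
LUKS_KEY = b"constructed-luks-key"         # sample value

# Enrollment: seal the LUKS key against the PCR 7 of the trusted boot path.
trusted = pcr7_after_boot(True, [OWN_CA], OWN_CA)
blob = seal(LUKS_KEY, trusted)

def try_boot(secure_boot, db, signer):
    """Return the LUKS key if this boot path can unseal it, else None."""
    try:
        return unseal(blob, pcr7_after_boot(secure_boot, db, signer))
    except PermissionError:
        return None  # loader never ran, so nothing asks the TPM for the key

if __name__ == "__main__":
    print("own signed systemd-boot:", try_boot(True, [OWN_CA], OWN_CA))
    print("USB stick, Secure Boot off:", try_boot(False, [OWN_CA], None))
    print("USB stick, foreign key enrolled:", try_boot(True, [OWN_CA, OTHER_CA], OTHER_CA))
    print("USB stick, foreign signature:", try_boot(True, [OWN_CA], OTHER_CA))
```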