@linux4noobs How to install Fedora on a laptop with FDE via LUKS using TPM, so it unlocks automatically during boot?

  • Ikel AtomigOP
    10 months ago

    @d3Xt3r Once encrypted, suppose I want to do a BIOS and TPM upgrade. What should I do so I don’t break things?

    Important thing: the update packages are in the form of .exe.

    • @d3Xt3r
      10 months ago

      There should be no issues doing BIOS/TPM upgrades; the only thing that may happen is that you might be prompted to enter your decryption password again.

      Potentially, you may need to update the binding again, so running the sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto [...] command will do the rebinding.

      You won’t be able to update the BIOS using exes; that only works on Windows. To update the BIOS/TPM in Linux, fwupd is the way to go. Usually this should be integrated into the GNOME Software Center, so you should just use that in the first instance to check for and install any updates.

      • Ikel AtomigOP
        10 months ago

        @d3Xt3r Thanks. I just checked LVFS. My device is supported and has BIOS updates via fwupd. I recently updated the TPM using the exe. It won’t be a problem, I guess, because TPMs aren’t updated often.

        Is the password for both drives just one?

        • @d3Xt3r
          10 months ago

          You can have multiple passwords for each drive, but that complicates things, so it’s best to just use the same password for both drives. (Each time you enroll a drive with systemd-cryptenroll, it’ll prompt for a password.)

          • Ikel AtomigOP
            10 months ago

            @d3Xt3r I am ready to use different passwords for different drives. It is just entering the password twice when rebinding, right?

            Are there things more complicated than that?

            • @d3Xt3r
              10 months ago

              I haven’t used multiple passwords so can’t say for sure, but it should still work the same, in theory.
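The rebinding step discussed in this thread, applied to a machine with more than one encrypted drive, as an added example that is not part of any poster's comment: it reads crypttab entries, picks the volumes marked for TPM2 unlock, and prints (does not run) the rebind command for each. It assumes the volumes are listed in /etc/crypttab with the `tpm2-device=` option; the sample entries and UUIDs are constructed, and any further options behind the "[...]" in the comment above are not reproduced.

```shell
#!/bin/sh
# Added example: dry-run listing of rebind commands for TPM2-bound LUKS volumes.

# Constructed sample crypttab with two TPM2-bound drives and one
# passphrase-only volume. The UUIDs are placeholders.
sample_crypttab() {
cat <<'EOF'
# <name>   <device>                                   <keyfile> <options>
luks-root  UUID=11111111-2222-3333-4444-555555555555  none      discard,tpm2-device=auto
luks-data  UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee  -         tpm2-device=auto

luks-swap  /dev/sdb3                                  none      discard
EOF
}

# Reads crypttab text on stdin and writes one rebind command per volume
# whose options include tpm2-device=. Nothing is executed.
rebind_commands() {
    while read -r name dev key opts; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        # Only volumes configured for TPM2 unlock need rebinding.
        case ",$opts," in *,tpm2-device=*) ;; *) continue ;; esac
        # systemd-cryptenroll takes a block device path, so map UUID=
        # entries to their /dev/disk/by-uuid/ symlink.
        case "$dev" in
            UUID=*) dev="/dev/disk/by-uuid/${dev#UUID=}" ;;
        esac
        printf 'sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto %s\n' "$dev"
    done
}

# Dry run over the constructed sample.
# On a real system: rebind_commands < /etc/crypttab
sample_crypttab | rebind_commands
```

Each printed command prompts for that drive's existing passphrase when run, so drives with different passphrases mean one prompt per drive.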