@linux4noobs How to install Fedora on Laptop with FDE via LUKS using TPM. So, It unlocks automatically during boot ?

  • @d3Xt3r
    link
    2
    edit-2
    10 months ago

    There should be no issues doing BIOS/TPM upgrades, only thing that may happen is that you might be prompted to enter your decryption password again.

    Potentially, you may need to update the binding again, so running the sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto [...] command will do the rebinding.

    You won’t be able to update the BIOS using exes, that only works on Windows. To update the BIOS/TPM in Linux, fwupd is the way to go. Usually this should be integrated into the Gnome Software Center, so you should just use that in the first instance to check for and install any updates.

    • Ikel AtomigOP
      link
      fedilink
      1
      edit-2
      10 months ago

      @d3Xt3r Thanks. I just checked LVFS. My device is supported and has BIOS updates via fwupd. TPM I recently updated using exe. It won’t be a problem I guess. Cuz TPM aren’t updated often.

      The password for both drives are just one ?

      • @d3Xt3r
        link
        110 months ago

        You can have multiple passwords for each drive but that complicates things, so it’s best to just use the same password for both the drives. (each time you enroll a drive with systemd-cryptenroll, it’ll prompt for a password).

        • Ikel AtomigOP
          link
          fedilink
          110 months ago

          @d3Xt3r I am ready to use different passwords for different drives. It is just entering the password twice when rebinding right?

          Are there things complicated than that ?

          • @d3Xt3r
            link
            110 months ago

            I haven’t used multiple passwords so can’t say for sure, but it should still work the same, in theory.