I used PopOS, but once they announced they’ll start focusing on their Cosmic desktop, I switched to Fedora KDE. It worked to some degree until it crashed and I lost some data. Now I’m on Ultramarine GNOME and it doesn’t seem to like my hardware (fans are spinning fast).

My threat model involves someone trying to physically unlock my device, so I always enable disk encryption, but I wonder why Linux doesn’t support secure boot and TPM-based encryption (I know that Ubuntu has plans for the latter, that’s why I’m considering it rn).

I need something that keeps things updated and adopts newer standards fast (that’s why I picked Fedora KDE in the first place). I also use lots of graphical tools and video editing software, so I need the proprietary Nvidia drivers.

Idk what to choose ಥ_ಥ? The only one that seems to care about using hardware-based encryption is Ubuntu, while other distros don’t support that… The problem with Ubuntu is their push for snaps (but that can be avoided by the user).

Security heads say: if you care about security, you shouldn’t be using systemd, use something like Gentoo or Alpine… Yeah, but do you expect me to compile my software after? Hell no.

  • Biezelbob
    3 months ago

    TPMs can be extracted with physical access

    You could use a security key

    • th3raid0r
      3 months ago

      TPMs can be extracted with physical access

      Sure, but IIRC, they’d still need my PIN (for TPM+PIN through cryptenroll). I don’t think it’s possible to do TPM-backed encryption without a PIN on Linux.

      EDIT: Oh wait, you can… Why anyone would is beyond me though.