Hey! I’m currently on Fedora Workstation and I’m getting bored. Nothing in particular. I’ve heard about immutable distros and I’m thinking about Fedora Kinoite. The idea is interesting but idk if it’s worth it. CPU and GPU are AMD. Mostly used for gaming.

  • ndonkersloot@feddit.nl · 1 year ago

    I’m not sure what you mean exactly but I use Silverblue with secureboot on and a LUKS encrypted drive using a fido2 key. To my knowledge I also could configure the use of TPM to store my key but find that setup not to my liking.

    • hottari@lemmy.ml · 1 year ago

      This summary should cover my main concerns with current secure boot implementations on the major distros. Ignore everything else other than the linked part. I also would not want to be forced to use grub as the bootloader.

      Curious. What did you not like about using TPM to store keys in your setup? I use TPM for secure state validation & automatic decryption of my LUKS drive, it’s great and also acts as a tripwire for secureboot state.

      I could build a custom version of Silverblue (u-Blue) to replicate what I already have set up, but none of this would be supported configuration. All this is not entirely to blame on immutable distros (traditional distros don’t give a damn about secure boot either way), just that to mess around within /etc is a no-no in such a model so to get multiple pre-configured options for secureboot configs/keys that work seamlessly would be a great experience for me.

      • ndonkersloot@feddit.nl · 1 year ago

        My (maybe flawed?) thoughts: Why bother with full disk encryption if one could just boot the notebook to undo the encryption?

        Using my yubico fido 2 key in combination with a small PIN I can easily decrypt my LUKS drive and know nobody else can decrypt it as long as I have my yubico with me.

        What do you think of this?