I’m curious about the possible uses of the hardware Trusted Protection Module for automatic login or transfer encryption. I’m not really looking to solve anything or pry. I’m just curious about the use cases as I’m exploring network attached storage and to a lesser extent self hosting. I see a lot of places where public...
If the device is stolen, your disk is still encrypted at all times. If you believe your OS’s login system is reasonably secure, then the attacker should have no way to access your data: they cannot access the data from software because it is blocked by the login screen, and they cannot access the data from hardware because it is protected by FDE.
One of the misconceptions I had before is that I assumed that the disk would be decrypted when you enter the LUKS password. This is not true: the password is loaded into RAM, and only the necessary parts are decrypted into RAM. All the data on the disk is never decrypted, even when you are working in your OS.
Can you explain a bit about how the key erasure works? AFAIK the TPM only refuses to release the key when certain PCRs don’t match. Is there a setting to let it erase the key?
The key is only released into RAM, so unless the thief can read content from RAM they cannot easily decrypt your disk. And most common thieves probably do not have that ability.
That being said, you do need a login password to prevent the thief from straight up booting into your OS and copying everything using the file manager…
One of the advantages of using TPM with FDE is that you can use a much longer random password. If I don’t use TPM I am forced to use a password I can remember, which is likely the same password I use somewhere else. This means if someone close to me stole my laptop, they would have a reasonable chance of guessing my password.
Xorg is an old implementation of x11, which is basically abandon-ware right now. No one is adding features to it, testing it, or fixing security vulnerabilities. It also lacks some common-sense security features: for example, every program can get every input (keyboard and cursor location) without root, so a key logger is trivial to implement in xorg.
Wayland is newer, with more features (reasonable multi-monitor support, one-to-one gestures, etc). But many application frameworks and hardware have poor support for it, because it is slightly newer (developed in 2008, so not that new any more). Notably, electron and nvidia are typically the worst offenders, like everything on linux, but both have come a long way.
I have wayland on my laptop, since one-to-one gestures are a must for me, and I present quite often using that laptop. My desktop is on xorg, since I have an nvidia GPU and use quite a lot of electron apps.
I would add, even my last Windows machine, a Surface Laptop 2 with the latest Windows 11, doesn’t have this feature. It is so awkward, I just stopped using gestures altogether.
Yes, exactly, I think it is pretty clear that the linux community is moving towards wayland. Most distros and desktop environments are all in the process of removing xorg slowly.
On the other hand, if most of your school’s money is in some investment firm, instead of invested in the wellbeing and learning of your employees and students. And you have an investor as the person with the highest salary.
Then your “school” is more of a financial institution than a school. And probably should be taxed as such.
And there are five of us who can afford figs for everyone forever, but decided to use that money to lure underaged teens for orgy outside in some secluded islands.
Why is the Republic said to be red? Everyone may have asked this question hundreds of times, and teachers and parents have already given the answer: That is because the Republic was bought with the blood of heroes, and the blood of the Republic contains the red genes and red blood of the heroes. Tradition.
Ok I have a question. I’m kinda a noob when it comes to privacy. I’ll follow the guides and do the things to try to minimize ad companies selling my data etc....
It can be that the website you are browsing has trackers that share data with facebook, and facebook was able to infer you guys are in the same household via IP information (ISPs also sell your info, BTW), and push the ad to her. Or facebook might think that you guys could be the same person or have similar interests etc.