You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To be an all-round daily driver OS, it would be nice if Serpent-OS would easily enable full-disk encryption with automatic decryption, utilising TPM.
To put it in simple terms: When I start my computer, I'd like to be greeted by the login screen, without any password to put in for disk encryption. While on the other hand, I want to have my data encrypted at rest. Not only my $HOME, but also any configuration settings that reside elsewhere (/etc, or /var and /opt, for example).
Though other options exist, like systemd-homed, for instance, but as far as I know these options only protect $HOME.
So, I think it should be something like this:
Create Luks volume and instal in there (btrfs?)
Setup Secure Boot signing (MOK keys) and enable Secure Boot
Configure TPM decryption (check Debian wiki) for Luks volume
Though I don't know the partition layout of Serpent-OS (I only ran the live session), it could be an option to just make one big BTRFS volume to store everything in. Even Swap Files are supported now.
Caveat: Hybernation will not work with Secure Boot enabled.
Maybe something to ponder about :)
And furthermore: keep up the great work with Serpent-OS. I think it has enormous potential and the speed at witch you are developing is stellar!
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Serpent OS
-
To be an all-round daily driver OS, it would be nice if Serpent-OS would easily enable full-disk encryption with automatic decryption, utilising TPM.
To put it in simple terms: When I start my computer, I'd like to be greeted by the login screen, without any password to put in for disk encryption. While on the other hand, I want to have my data encrypted at rest. Not only my $HOME, but also any configuration settings that reside elsewhere (/etc, or /var and /opt, for example).
Though other options exist, like systemd-homed, for instance, but as far as I know these options only protect $HOME.
So, I think it should be something like this:
Though I don't know the partition layout of Serpent-OS (I only ran the live session), it could be an option to just make one big BTRFS volume to store everything in. Even Swap Files are supported now.
Caveat: Hybernation will not work with Secure Boot enabled.
Maybe something to ponder about :)
And furthermore: keep up the great work with Serpent-OS. I think it has enormous potential and the speed at witch you are developing is stellar!
Beta Was this translation helpful? Give feedback.
All reactions