Protecting against rogue devices in openSUSE with Full Disk Encryption openSUSE have now multiple ways to configure a Full Disk Encryption (FDE) installation...
As I understand it the TPM is for people who have physical access. It prevents them from cloning your disk.
I think with an adequately long password (or an adequately resource-intensive encryption algorithm) you can secure your disk enough to prevent unauthorized access. But the TPM would prevent them from removing your hard-drive and shunting it into a super-computer (so all password attempts wouldn’t need to be on the crummy 10-year old laptop CPU) so a TPM + password is more secure.
I’ve read the arguments and trust the people who know far more than I do about this, but… I just find it difficult to think of “unlocks automatically” as more safe than “is locked until I enter my password”. I’m open for it, but it just feels strange to me.
As I understand it the TPM is for people who have physical access. It prevents them from cloning your disk.
I think with an adequately long password (or an adequately resource-intensive encryption algorithm) you can secure your disk enough to prevent unauthorized access. But the TPM would prevent them from removing your hard-drive and shunting it into a super-computer (so all password attempts wouldn’t need to be on the crummy 10-year old laptop CPU) so a TPM + password is more secure.
I’ve read the arguments and trust the people who know far more than I do about this, but… I just find it difficult to think of “unlocks automatically” as more safe than “is locked until I enter my password”. I’m open for it, but it just feels strange to me.