Protecting against rogue devices in openSUSE with Full Disk Encryption openSUSE have now multiple ways to configure a Full Disk Encryption (FDE) installation...
What makes TPM+pin safer than just having a normal LUKS password? I would think it would be the same amount of security just with more chance of data loss if your computer gets damaged
TPM is used for measured boot. Measured boot can check various parts of the system to ensure they are the expected values haven’t been tampered with. You don’t want a part of the system to be replaced with malware and not realize it.
If it detects something changed, it won’t release its secret. It may signal to you that something malicious was done or something benign that the OS updated didn’t account for.
What makes TPM+pin safer than just having a normal LUKS password? I would think it would be the same amount of security just with more chance of data loss if your computer gets damaged
TPM is used for measured boot. Measured boot can check various parts of the system to ensure they are the expected values haven’t been tampered with. You don’t want a part of the system to be replaced with malware and not realize it.
If it detects something changed, it won’t release its secret. It may signal to you that something malicious was done or something benign that the OS updated didn’t account for.
Interesting, how do you recover from that and get your data back?
A recovery code. I did a test install of Aeon and was given the code: dhnhlgc-fbndjbni-ufrkcfnk-nfebvtut-ftkkiiur-tijidtub-hujnucgu-erduhije
64 digits, but only alphabetical and a certain subset (16/26) due to weirdness of keyboard layouts.