I've tried using Linux a few times but never switched completely because my main use is gaming. Previously, I had BitLocker enabled on Windows, which utilizes TPM and Secure Boot for security. With the improvements in Linux gaming, I've decided to try CachyOS this time around. During installation, I enabled disk encryption, likely using LUKS, but I don't want to enter my lengthy 32-character password every time I boot. I'm looking for a solution similar to BitLocker that allows me to leverage TPM and Secure Boot, so I can skip typing in the password while still keeping my system secure. Is there an easy way to set this up on Linux like in Windows, or should I just keep my PC in sleep mode instead of shutting it down?
3 Answers
You're in luck! LUKS does support TPM key storage with tools like systemd-cryptenroll. Many distros now support Secure Boot, but I'm not sure about Cachy's support specifically. Just keep in mind that Secure Boot doesn’t directly relate to disk encryption; it mainly ensures that your system starts securely.
On my Fedora setup, I use full disk encryption unlocked by TPM2 with systemd-cryptenroll. Although I’m not sure about CachyOS specifically, you should find similar info in the Arch Wiki. For Fedora, I had to load the tpm2-tss kernel module and modify /etc/cryptenroll. You might want to check those links for detailed steps!
I see your concerns! But remember, if you're primarily gaming, robust security like LUKS isn't always necessary unless you're dealing with sensitive data. Just make sure you’re installing from trusted sources, and that should keep you safe without overcomplicating your setup!
Thanks for clarifying! I just wanted to make sure I'm not missing out on essential security measures. Sounds like keeping it simple might be the best way forward.