I've been trying out Linux on and off for a few years, but I've never fully switched due to gaming performance issues. I used to game on Windows with BitLocker enabled, which I believe uses TPM and secure boot for added security.
Recently, I decided to give CachyOS a shot, especially since gaming support on Linux seems to be improving thanks to Valve and Nvidia. During the installation, I enabled disk encryption (most likely with LUKS), but I really don't want to enter my long 32-character password every time I boot up. I'm looking for a way to implement something like BitLocker, using TPM and secure boot for hassle-free access while maintaining security.
Is there a straightforward method to achieve this in a Linux environment, or should I just avoid shutting down my PC and stick to sleep mode?
4 Answers
For more information on transitioning to Linux, check out the migration page in our wiki or the tips available in our sticky posts. These resources can help make your switch smoother!
While I can't speak for Cachy specifically, I'm using Fedora with full disk encryption and TPM 2.0 for unlocking using systemd-cryptenroll. You can find details on the Arch Wiki for Arch-based systems, but for Fedora, I needed to enable the tpm2-tss kernel module and modify my cryptenroll settings. It’s definitely doable! Here are some links to set things up: ArchWiki: https://wiki.archlinux.org/title/Systemd-cryptenroll and a Fedora article: https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/.
Just to clarify, don't think of Linux in the same way as Windows when it comes to installation and running applications. If you stick to installing software from your distro's repository, your system should be safe. Addressing your concerns—if you're just gaming and not dealing with sensitive data, the need for measures like LUKS might be lower, especially if you're not worried about someone physically accessing your PC.
Absolutely! LUKS does support storing encryption keys in your TPM with tools like systemd-cryptenroll. Many Linux distros now support Secure Boot, but I’m not sure if CachyOS is one of them. Just remember that Secure Boot is not directly related to disk encryption; it’s more about secure startup.
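Added example, not part of any answer above: a preflight script for the `systemd-cryptenroll` approach the answers mention. It checks for a TPM 2.0 device, a LUKS2 header and Secure Boot, then prints (does not run) an enrollment command bound to PCR 7, the register that records Secure Boot state. The function names, script name and device path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks before binding a LUKS2 volume to the TPM.
# File paths are parameters so the checks can be run against sample files.
EFI_SB=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
TPM_VER=/sys/class/tpm/tpm0/tpm_version_major

# efivarfs files hold 4 attribute bytes, then the value; SecureBoot is 1 when on.
secure_boot_enabled() {
  [ -r "$1" ] && [ "$(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n')" = "1" ]
}

# systemd-cryptenroll's TPM support needs a TPM 2.0 device.
tpm2_present() {
  [ -r "$1" ] && [ "$(tr -d ' \n' < "$1")" = "2" ]
}

# Reads `cryptsetup luksDump` output on stdin and prints the header version.
luks_version() {
  awk '$1 == "Version:" { print $2; exit }'
}

# Reads luksDump output on stdin; succeeds if a systemd-tpm2 token is listed.
has_tpm2_token() {
  grep -Eq '^[[:space:]]*[0-9]+:[[:space:]]*systemd-tpm2[[:space:]]*$'
}

# preflight DUMP_FILE [EFI_VAR] [TPM_VERSION_FILE]: prints the first blocker or "ok".
preflight() {
  tpm2_present "${3:-$TPM_VER}" || { echo "no TPM 2.0 device"; return 1; }
  [ "$(luks_version < "$1")" = "2" ] || { echo "volume is not LUKS2"; return 1; }
  if has_tpm2_token < "$1"; then echo "TPM2 token already enrolled"; return 1; fi
  secure_boot_enabled "${2:-$EFI_SB}" || { echo "Secure Boot is off"; return 1; }
  echo ok
}

# Usage (as root): ./tpm-preflight.sh /dev/nvme0n1p2   <- placeholder device path
if [ -n "${1:-}" ]; then
  dump=$(mktemp) && cryptsetup luksDump "$1" > "$dump" || exit 1
  if preflight "$dump"; then
    # Printed, not run. Enrolling adds a keyslot; the passphrase slot remains.
    echo "systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 $1"
  fi
  rm -f "$dump"
fi
```

Adding `--tpm2-with-pin=yes` to the printed command makes the TPM require a short PIN at boot as well, which still avoids typing the full passphrase.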
