>Most Linux distributions don't even enable FDE by default, and even when they do, they frequently use the exact same system as BitLocker (automated unlock sealed to TPM PCRs)

Do they? Any time I've done FDE it's always been LUKS with a password; I've never seen one go for TPM by default!

I've only recently implemented LUKS+TPM on a personal laptop (and that was a PITA to do).

Ubuntu does this with the Hardware Backed Encryption option in the installer, which I think they're trying to move up the list (it's already the default in Ubuntu Core, which makes sense for that application).

I didn’t find it too difficult to set up TPM backed encryption on Arch using systemd-cryptenroll for my home server, although for anything I use interactively I just use a passphrase instead.

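For readers who want to see what the systemd-cryptenroll setup mentioned above actually involves, here is an added example script (not posted by any commenter, and not Arch or Ubuntu project code). It composes the commands for adding a TPM2-sealed keyslot to an existing LUKS2 volume, keeps the passphrase slot as the fallback, and shows the matching /etc/crypttab entry. The device path `/dev/nvme0n1p3`, the mapper name `luks-root` and the PCR choice are assumptions; the script only prints the commands so they can be reviewed before running them as root.

```shell
#!/bin/sh
# Added example (not from any commenter): enrolling a TPM2-sealed key into an
# existing LUKS2 volume with systemd-cryptenroll.
# Device path, PCR set and mapper name are assumptions; adjust for your system.

# The TPM character device appears once the kernel driver is loaded.
tpm_present() {
  [ -c /dev/tpmrm0 ] || [ -c /dev/tpm0 ]
}

# Compose the enrollment command rather than run it, so it can be reviewed.
#   $1 = LUKS2 device, $2 = PCR list (default 7), $3 = "yes" to also require a PIN
# PCR 7 measures the Secure Boot policy and keys, so the TPM refuses to unseal
# if Secure Boot is turned off or a different signing key is enrolled.
# Requiring a PIN turns the TPM into a second factor instead of an unattended unlock.
enroll_cmd() {
  dev=$1; pcrs=${2:-7}; with_pin=${3:-no}
  cmd="systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=$pcrs"
  if [ "$with_pin" = yes ]; then cmd="$cmd --tpm2-with-pin=yes"; fi
  printf '%s %s\n' "$cmd" "$dev"
}

# Enrollment adds a keyslot; the existing passphrase slot stays. Keep it (or add a
# recovery key) so a Secure Boot or dbx update that changes PCR 7 cannot lock you out.
recovery_cmd() {
  printf 'systemd-cryptenroll --recovery-key %s\n' "$1"
}

# /etc/crypttab entry telling systemd-cryptsetup to try the TPM2 token at boot
# and fall back to asking for the passphrase if unsealing fails.
#   $1 = mapper name, $2 = device (path or UUID=...)
crypttab_line() {
  printf '%s %s none tpm2-device=auto\n' "$1" "$2"
}

# After enrollment the LUKS2 header carries a token of type "systemd-tpm2".
verify_cmd() {
  printf "cryptsetup luksDump %s | grep -q 'systemd-tpm2'\n" "$1"
}

# Dry run: show what would be executed for an assumed root partition.
DEV=/dev/nvme0n1p3   # assumption; use the real LUKS2 partition
if tpm_present; then
  echo "# TPM device found"
else
  echo "# no TPM device; commands shown for reference only"
fi
echo "# 1. enroll TPM2 keyslot (run as root):"; enroll_cmd "$DEV" 7 no
echo "# 2. add a recovery key as well:";        recovery_cmd "$DEV"
echo "# 3. /etc/crypttab line:";                crypttab_line luks-root "UUID=<volume-uuid>"
echo "# 4. confirm the token is present:";      verify_cmd "$DEV"
echo "# 5. rebuild the initramfs so systemd-cryptsetup runs at boot (distro specific)"
```

Binding to PCR 7 alone is the common default because it survives kernel and firmware updates that change PCRs 0 and 4; adding `--tpm2-with-pin=yes` is the setting to reach for on a machine that is used interactively, which matches the commenter's split between the home server and the laptops.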
I've not seen a Linux system using a TPM to unlock encrypted drive(s). When I enable it on laptops etc, I have to manually enter the passphrase.