@kernellogger Wow, great overview! Thanks for sharing, I learned a lot again.
On my previous installation, Fedora Silverblue 39, I experimented with automatic TPM2 unlock and had some heated discussions in my team. But I didn't anticipate that it's even worse.
At the moment I use FIDO2, and I guess a similar attack might be feasible if the attacker could get hold of my hardware token, as LUKS only checks for presence. I believe my token does not support unlocking with PIN entry, which I could at least use with TPM2.
=> More informations about this toot | View the thread | More toots from fluchtkapsel@nerdculture.de