Full Disk Encryption in openSUSE using systemd, TPM2 and FIDO2 keys

Learning about sdbootutil

Alberto Planas

Playlists: 'osc25' videos starting here / audio

With the integration of systemd-boot or grub2-bls bootloaders in the distribution, both (partially) following the boot loader specification (BLS), we have the chance to use the systemd tools to set a full disk encryption installation using TPM2 and FIDO2 keys.

The sdbootutil is managing both aspects, the BLS integration and the FDE configuration. In this talk we will present how this model works in openSUSE and how can be used and troubleshooted.

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/

Download

Embed

Share:

Tags