[dm-crypt] LUKS disk encryption with remote boot authentication
eternaleye at gmail.com
Sat Oct 18 01:51:52 CEST 2014
Alex Elsayed wrote:
> Well, it actually _is_ entirely possible:
> If your machine has a TPM (yes, big 'if', but many laptops do although
> embedded boards don't), then tpm-luks uses the TPM to store the
> cryptsetup key in the TPM's nvram, such that it can only be extracted if
> everything is unmodified.
Gah, forgot my footnote.
More information about the dm-crypt