- cross-posted to:
- linux@lemmy.ml
openSUSE is leading the development in regard to boot security, an area in which Linux distros are lagging behind other operating systems.
Full Disk Encryption is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system. Depending on the hardware configuration of a system, Aeon’s encryption will be set up in one of two modes: Default or Fallback.
Default Mode:
This mode utilizes the Trusted Platform Module (TPM) 2.0 chipset […], Aeon Desktop measures several aspects of the system’s integrity. These include:
- UEFI Firmware
- Secure Boot state (enabled or disabled)
- Partition Table
- Boot loader and drivers
- Kernel and initrd (including kernel command line parameters)

These measurements are stored in the system’s TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally.
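A simplified model of the measure-and-compare step described in the quoted text, added here as an example (it is not Aeon's or openSUSE's code). It uses the standard TPM 2.0 extend rule on a single SHA-256 PCR; a real system spreads these measurements over several PCRs, and the component contents below are constructed placeholders.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one register in the SHA-256 bank


def extend(pcr, data):
    """TPM-style extend: new PCR = SHA256(old PCR || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_boot(components):
    """Fold an ordered boot chain into one PCR value (single PCR is an assumption)."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeroes on reset
    for _name, blob in components:
        pcr = extend(pcr, blob)
    return pcr


def boots_normally(enrolled_pcr, components):
    """True only if the current measurement equals the value stored at enrolment."""
    return hmac.compare_digest(enrolled_pcr, measure_boot(components))


# Constructed sample chain, following the list in the quoted text.
GOOD_CHAIN = [
    ("uefi_firmware", b"firmware-image-v1"),
    ("secure_boot_state", b"enabled"),
    ("partition_table", b"gpt-layout-v1"),
    ("bootloader", b"bootloader-binary-v1"),
    ("kernel", b"kernel-image-v1"),
    ("initrd", b"initrd-image-v1"),
    ("cmdline", b"root=/dev/mapper/aeon quiet"),
]
ENROLLED = measure_boot(GOOD_CHAIN)

# Same chain, but Secure Boot has been switched off.
SB_DISABLED = [(n, b"disabled" if n == "secure_boot_state" else b) for n, b in GOOD_CHAIN]
# Same chain, but one extra kernel command line parameter.
CMDLINE_CHANGED = GOOD_CHAIN[:-1] + [("cmdline", b"root=/dev/mapper/aeon quiet extra=1")]
# Same components measured in a different order.
REORDERED = GOOD_CHAIN[:3] + [GOOD_CHAIN[4], GOOD_CHAIN[3]] + GOOD_CHAIN[5:]

if __name__ == "__main__":
    for label, chain in [("unchanged", GOOD_CHAIN), ("secure boot off", SB_DISABLED),
                         ("cmdline changed", CMDLINE_CHANGED), ("reordered", REORDERED)]:
        print(f"{label:16} match={boots_normally(ENROLLED, chain)}")
```

Because each extend hashes over the previous register value, a change to any single component or to the order of measurement gives a different final value, so the comparison fails.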
Is this different from UKI? If so, how? Thanks in advance!