Ubuntu to add TPM-backed full-disk encryption

Posted Sep 7, 2023 18:40 UTC (Thu) by somlo (subscriber, #92421)
In reply to: Ubuntu to add TPM-backed full-disk encryption by mb
Parent article: Ubuntu to add TPM-backed full-disk encryption

A carefully maintained kickstart (e.g., this Fedora 38 example, combined with up-to-date (rsync-based) backups of /home can get you *most* of the way there.

Of course, it requires a certain amount of discipline (don't install or modify anything outside /home willy-nilly without also making the corresponding changes in the kickstart file; package extra software as RPMs in a site-local repo, etc.).

It's probably not something to be expected in the average, garden-variety "pet" workstation, but it can be done :)

Ubuntu to add TPM-backed full-disk encryption

Posted Sep 8, 2023 7:45 UTC (Fri) by abo (subscriber, #77288) [Link] (1 responses)

After I switched to using toolbx/distrobox it became really easy to leave the OS alone.

Ubuntu to add TPM-backed full-disk encryption

Posted Sep 9, 2023 21:40 UTC (Sat) by salimma (subscriber, #34460) [Link]

This. I manage my distrobox containers with Ansible, so it's easy to have a consistent environment across different host machines and different containers (eg I might want a Fedora Rawhide dev environment to reproduce build issues with an upcoming Python release)