I’m setting up FDE and wonder which one is better: “LVM over LUKS” or “LUKS over LVM”? Or something else? Is one definitely better than the other? What is your preference?

Thanks.

  • Max-P@lemmy.max-p.me
    9 months ago

    TPM has been bypassed. Researchers found a lot of laptops where you can just attach wires to the TPM communication lines and you can just listen and wait for the TPM to spit out the key.

    It’s a hardware attack so game over. But still worth doing especially on servers and desktops because then it’s still much more of a skilled attack than someone just stealing the drives. Especially servers with their front drive bays you can literally just pop the drive. And if the drive dies and you can’t erase it, it’s fine, you can throw it away and not care because it’s FDE so you can just throw away the keys.