• catloaf@lemm.ee
    5 months ago

    I’ve been curious about people who have been disabling the TPM. Where are you storing your disk encryption keys?

    • AMillionMonkeys@lemmy.world
      5 months ago

      I’m not using disk encryption. It’s a desktop and if it’s ever stolen I’ve got bigger problems.
      Also, I presume that disk encryption makes it so you can’t just pop the drive in an adapter and pull stuff off it, which I sometimes need to do with old, retired drives.

    • AWildMimicAppears@lemmy.dbzer0.com
      5 months ago

      VeraCrypt is a thing; encrypting drives does not need TPM.

      Just boot using the good old Master Boot Record for a clean solution (the VeraCrypt documentation gives a good overview). VeraCrypt works with EFI too, but the EFI partition itself cannot be encrypted. You can even create a hidden OS; if you are forced to give out your password, there’s still plausible deniability.

      • BearOfaTime@lemm.ee
        5 months ago

        Thanks for the VeraCrypt reminder. Adding that to my stuff to set up and document list.

        Sometimes BitLocker really pisses me off.