Installer - What's enabling "Trusted boot" supposed to achieve?

Hello,

Can you guys help me understand what enabling the “Trusted boot” option during installation is supposed to achieve?

I’ve been experimenting with it both ON and OFF, and my expectation was that it would automatically set up unattended boot with TPM. However, it seems to make no difference whether I toggle it ON or leave it OFF; I still have to manually configure unattended boot as described here (Grub2 setup, not systemd-boot): SDB:Encrypted root file system - openSUSE Wiki.

So what is the point of that setting?

This setting enables measurements of the boot process by grub2 into TPM PCR, that’s all. On a legacy BIOS platform it also uses a different build of grub2 (Trusted GRUB2); on an EFI platform it simply enables measurements.

Those measurements are useless by themselves, as you already found. Something needs to actually use them to implement the “trusted” part.
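
The distinction drawn in the answer above, as an added example that is not part of the original thread and is not GRUB2 or openSUSE code: a Python simulation of PCR extension, plus a consumer that releases a disk key only when the PCR matches the value recorded for a known boot. The `SealedSecret` class, the SHA-256 bank, the event strings and the key are constructed assumptions; a real TPM enforces the comparison in hardware.

```python
import hashlib
import hmac

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def replay(events) -> bytes:
    """Fold measured events, in boot order, into a PCR that starts at zero."""
    pcr = bytes(32)
    for data in events:
        pcr = extend(pcr, data)
    return pcr

class SealedSecret:
    """Hypothetical stand-in for a TPM-sealed disk key bound to one PCR value."""
    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes):
        # The consumer of the measurements: release the key only on a match.
        if hmac.compare_digest(current_pcr, self._expected):
            return self._secret
        return None

# Constructed sample events (not a real GRUB2 event log).
GOOD_BOOT = [
    b"grub_cmd: linux /boot/vmlinuz root=/dev/mapper/cr_root quiet",
    b"grub_cmd: initrd /boot/initrd",
    b"file: /boot/vmlinuz contents (placeholder)",
]
CHANGED_BOOT = [GOOD_BOOT[0] + b" extra_param=1"] + GOOD_BOOT[1:]

DISK_KEY = b"constructed-example-key"
sealed = SealedSecret(DISK_KEY, replay(GOOD_BOOT))

if __name__ == "__main__":
    for name, events in (("good", GOOD_BOOT), ("changed", CHANGED_BOOT)):
        pcr = replay(events)
        state = "key released" if sealed.unseal(pcr) else "key withheld"
        print(f"{name:8} PCR={pcr.hex()[:16]}...  {state}")
```

Without the `SealedSecret` step the PCR values are still computed on every boot, but nothing reads them, which is the situation the installer option leaves you in.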
