When I installed openSUSE I chose to encrypt the root filesystem and swap.
If I use the TPM so that I don’t need to type in a passphrase to boot up, what happens if the TPM or (more likely) the motherboard dies, or I accidentally press that ‘reset CMOS’ button, reset the BIOS, etc.? Will the boot process revert to what I experience now? … that is, entering my passphrase twice.
Thank you
As long as the LUKS2 device still has a “normal” password slot, you will be able to unlock it by entering this password. Without the exact steps to “use the TPM such that I don’t need to type in a passphrase to boot up” it is impossible to predict what happens if the TPM is changed.
I actually just implemented this about an hour ago following along with SDB:Encrypted root file system - openSUSE Wiki
What happens here is that there are multiple LUKS “keyslots” (8 for LUKS1, 32 for LUKS2), and when you add the TPM keyslot, that just means it is another way to unlock your LUKS-encrypted drive.
If your TPM resets, dies, whatever, you can still decrypt with your password that you have now.
NOTE: the directions in the above link aren’t clear on the exact steps, but here is what I did.
- Followed the prerequisite steps in the above link
- Rebooted with my installation media using ‘recover install’
- Converted from LUKS1 to LUKS2 as shown in the link
- Rebooted back into the OS
- Followed the rest of the steps here: SDB:Encrypted root file system - openSUSE Wiki
Hope that helps, and good luck!
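The point the reply above makes is that the TPM keyslot is added alongside the existing passphrase keyslot, not in place of it, so a TPM reset or board swap only removes one unlock path. Before trusting that, it is worth checking the header. The script below is an added example, not from the poster or from the openSUSE wiki page; it parses the LUKS2 format of `cryptsetup luksDump` output (the `Keyslots:` and `Tokens:` sections, where a `systemd-tpm2` token lists the `Keyslot:` it is bound to) and reports which slots are still unlockable by passphrase. The two dumps embedded in the script are constructed samples, indented with spaces where real output uses tabs; the parser accepts either. It assumes the LUKS2 layout and the `systemd-tpm2` token type, and does not handle the LUKS1 (`Key Slot 0: ENABLED`) format.

```shell
#!/bin/sh
# Constructed sample of `cryptsetup luksDump` for a LUKS2 device with one
# passphrase keyslot (0) and one keyslot (1) bound to a systemd-tpm2 token.
SAMPLE_DUMP='LUKS header information
Version:        2
Epoch:          5
UUID:           00000000-0000-0000-0000-000000000000

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: aes-xts-plain64

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        PBKDF:      argon2id
  1: luks2
        Key:        512 bits
        Priority:   normal
        PBKDF:      pbkdf2
Tokens:
  0: systemd-tpm2
        tpm2-pcrs:  7
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha256
'

# Constructed failure case: the only keyslot is TPM-bound, so a TPM reset,
# CMOS clear or motherboard swap would lock the owner out.
TPM_ONLY_DUMP='LUKS header information
Version:        2

Keyslots:
  1: luks2
        Key:        512 bits
Tokens:
  0: systemd-tpm2
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha256
'

# Reads luksDump output on stdin and prints one line per keyslot:
# "<slot id> <unlock method>", where the method is the type of the token
# bound to that slot, or "passphrase" when no token references it.
classify_keyslots() {
    awk '
        /^Keyslots:/      { section = "keyslots"; next }
        /^Tokens:/        { section = "tokens";   next }
        /^Digests:/       { section = "digests";  next }
        /^Data segments:/ { section = "segments"; next }
        # Keyslot entries look like "  0: luks2"; remember the id.
        section == "keyslots" && $1 ~ /^[0-9]+:$/ {
            slots[nslots++] = substr($1, 1, length($1) - 1)
            next
        }
        # Token entries look like "  0: systemd-tpm2" followed by "Keyslot: N".
        section == "tokens" && $1 ~ /^[0-9]+:$/ { tokentype = $2; next }
        section == "tokens" && $1 == "Keyslot:" { bound[$2] = tokentype; next }
        END {
            for (i = 0; i < nslots; i++) {
                id = slots[i]
                print id, ((id in bound) ? bound[id] : "passphrase")
            }
        }
    '
}

# Exit 0 if at least one keyslot is unlockable by passphrase alone,
# i.e. the device survives losing the TPM; exit 1 otherwise.
has_passphrase_slot() {
    classify_keyslots | awk '$2 == "passphrase" { found = 1 } END { exit !found }'
}
```

On a real system the check is `cryptsetup luksDump /dev/sdaX | has_passphrase_slot` (as root); if it fails, add a passphrase slot with `cryptsetup luksAddKey` before relying on the TPM path. Note that this only proves a passphrase slot exists in the header, not that you still remember its passphrase; `cryptsetup open --test-passphrase /dev/sdaX` verifies that without mounting anything.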
Exactly what I wanted to hear! Thank you. Your link is the guide I’m reading through, fingers crossed it’ll all go to plan!
Thank you for the replies