Possibility to use TPM Chip for Encryption

SeverusM · February 27, 2021, 5:35pm

Hi,

Is there any solution to use a laptop with a TPM Chip for an encrypted drive, kind of like Bitlocker does on Company Laptops.
I found a few things, but no clear answer somehow everything I found said something totally different.

Anyone has a working setup and has some insights if it is somehow possible? Which doesn’t require the hassle of typing in twice the password or changing the key after every update?

jonathon · February 27, 2021, 7:02pm

Yes, see the Arch wiki page:

https://wiki.archlinux.org/index.php/Trusted_Platform_Module

and the recent ArchConf 2020 talk “Protecting secrets and securing the boot process using a Trusted Platform Module (TPM)”,

SeverusM · February 27, 2021, 8:10pm

But that would mean you have to manually recalculate the key after every Update right? I mean how can you avoid this hassle? Cause this isn’t practical at all.