Episode Details

Wes' self-decrypting bcachefs disk and a GrapheneOS twist that'll make you ditch your iPhone.

Sponsored By:

• Core Contributor Membership: Take $1 a month of your membership for a lifetime!
• Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
• 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.

Support LINUX Unplugged

Links:

• 💥 Gets Sats Quick and Easy with Strike
• 📻 LINUX Unplugged on Fountain.FM
• clevis — Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.
• bcachefs Encryption
• What measured boot and trusted boot means for Linux
• Automatically decrypt your disk using TPM2 — Entering the passphrase to decrypt the disk at boot can become quite tedious. On modern systems a secure hardware chip called “TPM” (Trusted Platform Module) can store a secret and automatically decrypt your disk. This is an alternative factor, not a second factor. Keep that in mind.
• Use systemd-cryptenroll with FIDO U2F or TPM2 to decrypt your disk
• Automatic LUKS 2 disk decryption with TPM 2 on Fedora
• Safe automatic decryption of LUKS partition using TPM2 | 221b
• FOSDEM 2024: Clevis/Tang - unattended boot of an encrypted NixOS system
• Clevis & Tang on NixOS Slides
• Decrypt LUKS volumes with a TPM on Fedora Linux

• Listen Now