Hacker News new | past | comments | ask | show | jobs | submit login

The "new" way of doing this would be using systemd-cryptenroll [0]. I did this recently on Ubuntu 24.04. I actually tried the default LUKS+TPM shipped with Ubuntu 24.04 at first [1], but it was a bit disappointing because it locks you into using snap-based kernels. This means you cannot install custom DKMS modules (which I needed). Although Clevis is very interesting software (you can even unlock based on some other computer in your network [2]), it's not absolutely required anymore for LUKS+TPM.

[0] https://fedoramagazine.org/use-systemd-cryptenroll-with-fido...

[1] https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-c...

[2] https://docs.redhat.com/en/documentation/red_hat_enterprise_...




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: