Configuring TPM by example
In this exercise, we'll automate the decryption of a storage volume by storing its encryption passphrase securely within the TPM. Doing this in a real-world appliance means the encryption passphrase never has to be shared with the public, which by its nature makes your solution considerably more secure.
Requirements for the exercise
For this lab, I installed Fedora 40 (Workstation Edition) onto bare-metal hardware. During this installation, I created a 500 MiB encrypted XFS filesystem mounted onto /data. I used TPMmaster2024 as the encryption key.
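To show the mechanism this exercise relies on, here is an added example (not the book's own steps) of enrolling a TPM2-sealed key slot into a LUKS2 volume on Fedora with systemd-cryptenroll, so the volume unlocks at boot without a typed passphrase. The device path, the `data` mapping name and the choice of PCR 7 are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the book: seal a LUKS2 key into the TPM2 and bind it
# to PCR 7 (Secure Boot policy), so a changed boot policy blocks the release.
# Assumes Fedora with cryptsetup and systemd-cryptenroll; DEVICE is a placeholder.
set -eu

# Join PCR numbers into the form systemd-cryptenroll expects: "0 7" -> "0+7".
pcr_arg() {
  IFS='+'
  printf '%s' "$*"
}

# Build the /etc/crypttab line that lets systemd try the TPM2 token first.
crypttab_line() {   # args: mapping name, LUKS UUID
  printf '%s UUID=%s none tpm2-device=auto,discard\n' "$1" "$2"
}

# Pre-flight: the kernel must expose a TPM2 device.
tpm_ready() {
  [ -c /dev/tpmrm0 ] || [ -c /dev/tpm0 ]
}

# Enroll a TPM2-sealed slot; the existing passphrase is prompted for once.
enroll() {          # args: device, PCR numbers...
  dev=$1; shift
  tpm_ready || { echo "no TPM2 device exposed by the kernel" >&2; return 1; }
  cryptsetup isLuks --type luks2 "$dev" || { echo "$dev is not LUKS2" >&2; return 1; }
  systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs="$(pcr_arg "$@")" "$dev"
  # Confirm the token landed in the LUKS2 header.
  cryptsetup luksDump "$dev" | grep -q 'systemd-tpm2'
}

if [ "${1:-}" = "--run" ]; then
  DEVICE=${2:?device path, e.g. /dev/sda3 (placeholder)}
  enroll "$DEVICE" 7
  # Print the crypttab entry for the volume the book mounts on /data.
  crypttab_line data "$(cryptsetup luksUUID "$DEVICE")"
fi
```

Invoke as `./enroll-tpm2.sh --run /dev/sdXN`; the passphrase slot remains as a fallback, so a PCR change after a firmware update prompts for it instead of unlocking silently.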
Here’s what that setup looked like during the creation process:

Figure 7.2 – Encrypted filesystem setup during Fedora installation
Once the installation completes, every boot prompts us for the LUKS key before the system can finish booting and mount that filesystem:

Figure 7.3...