An explanation of how to enable secure boot on NixOS, using a community project named ‘Lanzaboote’, and further how to automatically unlock a LUKS-encrypted disk using a TPM with systemd-cryptenroll. | jnsgr.uk
I have lately been trying to learn more about the Trusted Platform Module (TPM) as they are capable of key creation and sealing secrets in a secure manner. They are common hardware these days and make for a reasonable way to store secrets. age is a file encryption/decryption tool from Filippo Valsorda which a lot of people have been using to replace GnuPG for things like password-store. It has a few plugins doing things like storing keys on Yubikey, Trezor hardware wallets or the Apple Secur... | linderud.dev