Using TPM to unlock LUKS/dm-crypt volume
I am trying to understand the risks of configuring passwordless decryption via TPM of a LUKS/dm-crypt system with something like:
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+1+2+3+4+5+7+8 /dev/disk/by-uuid/XXX-XXX
The idea would …