• akash_rawal@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    11 months ago

    TPM stores the encryption key against secure boot. That way, if attacker disables/alters secure boot then TPM won’t unseal the key. I use clevis to decrypt the drive.