I’m comfortable with boot having a either a plaintext key or two key halves to XOR together, used to unlock the base OS. I honestly don’t trust a TPM to store this, and as long as the OS is designed to guard the key from all but root, I don’t see any security issue.
I’m comfortable with boot having a either a plaintext key or two key halves to XOR together, used to unlock the base OS. I honestly don’t trust a TPM to store this, and as long as the OS is designed to guard the key from all but root, I don’t see any security issue.