OpenSuse leading the development in regards to boot security, an area in which Linux Distros are lagging behind other operating systems.

Full Disk Encryption is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system. Depending on the hardware configuration of a system, Aeon’s encryption will be set up in one of two modes: Default or Fallback.

Default Mode:

This mode utilizes the Trusted Platform Module(TPM) 2.0 chipset […], Aeon Desktop measures several aspects of the system’s integrity. These including:

  • UEFI Firmware
  • Secure Boot state (enabled or disabled)
  • Partition Table
  • Boot loader and drivers
  • Kernel and initrd (including kernel command line parameters)

These measurements are stored in the system’s TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally.

  • bsergay
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    Is this different from UKI? If so, how? Thanks in advance!