I used PopOS, but once they announced they’ll start focusing on their Cosmic desktop, I switched to Fedora KDE it worked to some degree until it crashed and I lost some data, now I’m on Ultramarine GNOME and it doesn’t seem to like my hardware ( fans are spinning fast )

my threat model involves someone trying to physically unlock my device, so I always enable disk encryption, but I wonder why Linux doesn’t support secure boot and TPM based encryption ( I know that Ubuntu has plans for the later that’s why I’m considering it rn )

I need something that keeps things updated and adobts newer standards fast ( that’s why I picked Fedora KDE in the first place ), I also use lots of graphical tools and video editing software, so I need the proprietary Nvidia drivers

Idk what to choose ಥ_ಥ ? the only one that seem to care about using hardware based encryption is Ubuntu, while other distros doesn’t support that… the problem with Ubuntu is there push for snaps ( but that can be avoided by the user )

security heads say: if you care about security, you shouldn’t be using systemd, use something like Gentoo or Alpine… yeah but do you expect me to compile my software after ? hell no

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    ·
    4 months ago

    security heads say: if you care about security, you shouldn’t be using systemd

    Yah, ignore that bullshit.

    • th3raid0r@programming.dev
      link
      fedilink
      arrow-up
      6
      ·
      4 months ago

      Yeah, no kidding. The same systemd that enables the very things OP is trying to enable…

      systemdboot + sbctl + systemd-cryptenroll and voila. TPM backed disk encryption with a PIN or FIDO2 token.

      AFAIK this should be doable in Ubuntu, it just requires some command-line-fu.

      Last I heard the Fedora installer was aiming to better support this type of thing - not so sure about Ubuntu.