I tried this on Workstation a few months ago and it worked like a charm.
Idea is that encrypted volume is automatically decrypted on boot using tpm2 chip.
More info here: https://techrevelations.de/2019/02/04/tpm-encryption-in-fedora-linux/
Currently, the only possible problem I see is clevis-dracut package. Would this work with rpm-ostree initramfs --enable option?
Or does maybe someone has a better approach for this use-case?
I use such a setup as my daily driver so I can confirm that you can do this with some caveats, namely that Silverblue does not actually validate the integrity of initramfs images or kernel command line parameters under Secure Boot, allowing for pretty trivial bypassing of the TPM security if someone has extended access to your machine (see initramfs: signature checks · Issue #1920 · coreos/rpm-ostree · GitHub).
You will indeed need to enable client side initramfs generation for this after layering the clevis packages and doing a sudo clevis luks bind -d /dev/whatever tpm2 '{"pcr_bank":"sha1","pcr_ids":"7,11"}' (7 and 11 are what Bitlocker uses, which is better than just the 7 the post you found indicates).
Also you can fix the password prompt appearing during TPM decryption with the following:
Doesn’t this defeat the purpose of encryption your system? One would simply
need to get ahold of your system to get unencrypted access to your data. If
you don’t lock down GRUB, you’ve just handed over your system. If you don’t
lock down your BIOS, you’ve handed over your system. Otherwise, one would just
read your TPM’s keys, or, if that’s not possible, just grab the TPM itself and
they’ve got your data. What’s wrong with decryption keys, either a device or
passkey to unlock the key?
Although arguably Dracut would then never get the chance to deencrypt the storage.
Imho if you want easy encryption where you don’t need to give friends/family the password to turn the computer on, the best choice is home directory encryption. TPM/Bitlocker works okay on Windows because the bootloader and the boot process is locked down, and until it’s the same on Linux I don’t see it being secure.
I guess some solution would be for dracut images to be signed by Fedora, which would break the Nvidia modeset driver, and only allow certain kernel arguments.
Although arguably Dracut would then never get the chance to deencrypt the
storage.
Why not?
Imho if you want easy encryption where you don’t need to give friends/family
the password to turn the computer on, the best choice is home directory
encryption
If that’s your goal, fine, just don’t expect any security value from it.
TPM/Bitlocker works okay on Windows because the bootloader and
the boot process is locked down, and until it’s the same on Linux I don’t
see it being secure.
The Windows bootloader isn’t locked down either. If you’re using a TPM to
unlock a Bitlocker volume, that’s just as easy to get as well.
I guess some solution would be for dracut images to be signed by Fedora,
which would break the Nvidia modeset driver, and only allow certain kernel
arguments.
And then you’d have no way to recover the system.
There’s no reason to be adverse to hardware tokens and passkeys. They work.
As with all security stuff, it all boils down to Who is your enemy?
For random dude that’s gonna steal your laptop it’s pretty safe, if you are targeted because of data then probably nothing will help.
There is no effective difference between just using a password on your user
account and using LUKS + TPM, in this aspect.
For “random dude that’s gonna steal your laptop”, just that password on your
account is enough to keep them from getting your data. However, here’s the
thing. Using LUKS+key with passphrase or physical token makes it much more
difficult for anyone to get your data, even, potentially, a state actor.
“Verified” does not mean that it just boots the OS, and nothing more. It also
has nothing little to do with the TPM. The TPM is just a key storage device.
When using UEFI + Secure Boot, it means simply that the signature of the PE
binary that was used to sign the bootloader is checked against a public key
stored on the TPM. That doesn’t mean you can’t just boot to recovery, or
Windows’ safe mode.
The Windows pre-boot environment (which I think exists on the recovery partition?) will ask for a recovery key if you try and do these with Bitlocker enabled, it won’t go through the TPM.
It actually depends on how you go about getting to the recovery prompt. I’m
not talking about BitLocker’s recovery, which happens a bit earlier in the
Windows boot process.
As for GNU/Linux systems, well, it’s just a kernel cmdline change. It has no
effect on the boot process or verification, unless you specifically configure
GRUB to require a password to change options or enter the console.