you dont need a TPM to do that on the rpiEncrypted file system is better but it needs TPM - otherwise the device cannot reboot automatically without somebody entering the password.
the keys can be stored in the CPU, and whatever boots on the pi can read the keys
secure-boot then limits what can boot, so only authorized code can read the keys and mount the fs
Statistics: Posted by cleverca22 — Sat Oct 05, 2024 12:10 am