{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigtnfmwr2suvp47o7a4fovw2t37tozks6zhor7lo5wuypluyjbiei",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3ml2dhhzgj362"
  },
  "path": "/t/fedora-sealed-bootable-container-images-possibly-opening-the-door-to-a-fully-verified-boot-chain/37611#post_2",
  "publishedAt": "2026-05-04T17:26:49.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "> The main direct benefit that we will get from this support is that we will be able to enable passwordless disk unlocking using the TPM in a way that will be reasonably secure by default.\n\nThat seems the marginal gain. We can do the verified boot chain (Secure Boot PCR 7 + UKI PCR 11) using TPM in other distros like Arch but it will request your passphrase.\n\nIf you want the same convenience in Arch you need to drop the UKI verification.\n\nIt is nice to see immutable distros like the ones from Fedora getting the full chain validated with the convenience of a single password.",
  "title": "Fedora Sealed Bootable Container Images, Possibly Opening the Door to a “Fully Verified Boot Chain”"
}