Fedora configuration: Lockscreen bypass, hardening

On Windows it is recommended to use BitLocker with TPM + PIN configuration with hibernate mode. This requires the TPM PIN to be entered each time you log in.

On Fedora, how secure is the lockscreen in terms of data protection? When I lock my screen, are the decryption keys still stored in RAM, or are they flushed somehow?

I’ve been trying to find more documentation on this.

Your data is decrypted when you turn on the machine, and stays decrypted until you power it off. There is no encryption-based protection enabled by your lock screen.


GNOME is working on supporting systemd-homed, which does discard the decryption keys when you lock your device.

See also: