I have a question, that I know is going to sound a little silly, but I know dumb questions can sometimes be more complicated to answer.
I know the Librem Key was designed to store and generate GPG keys and other forms of passwords, and store it securely, but is there a way to use this thing on PC? My idea is I would like to buy two, and just have one always plugged in to my PC, and the one on my keychain that I carry would be for my Librem 13 laptop. That way I don’t have to unplug the backup Librem Key from my PC, and then attach it back on my keychain again, which might be a little annoying.
The thing is I don’t know if GRUB supports GPG key decryption of hard drives, nor do I know if there is a GRUB module or such that can support the Librem Key to just read a key out from it.
I understand that the purpose of the key is to use either the TPM, or BIOS (or both) in order to securely check for tampering, and decrypt any encrypted partitions on the drive, but I was hoping that GRUB and encrypted partitions would be good enough that I would not need some UEFI implementation. I may want to disable UEFI anyway. But if it really is the only option, then what about disk decryption with a key file and simple passphrase combo (two-factor)?
Has anyone successfully gotten a good Librem Key/Nitrokey Pro 2 setup on their PC to do something like this? I would love to know.