[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2
|
From: |
Gary Lin |
|
Subject: |
Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2 |
|
Date: |
Mon, 15 Apr 2024 17:45:24 +0800 |
On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
>
>
> On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
> >
> > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > Hernan Gatta to introduce the key protector framework and TPM2 stack
> > to GRUB2, and this could be a useful feature for the systems to
> > implement full disk encryption.
>
> You also need to extend the documentation with the command line steps and a
> IMO there has to be a warning for VM users that sealing to PCRs inside a VM
> is dangerous since the next packages update may bring an update to TianoCore
> UEFI/SeaBIOS/SLOF/... showing different PCR values and unsealing will not
> work then.
>
For baremetal users, it still could happen after upgrading the firmware.
We surely need a place to notice users this situation when using PCR
0~7.
Thanks,
Gary Lin
- [PATCH v11 16/20] cryptodisk: Fallback to passphrase, (continued)
- [PATCH v11 16/20] cryptodisk: Fallback to passphrase, Gary Lin, 2024/04/12
- [PATCH v11 15/20] tpm2: Implement NV index, Gary Lin, 2024/04/12
- [PATCH v11 17/20] cryptodisk: wipe out the cached keys from protectors, Gary Lin, 2024/04/12
- [PATCH v11 12/20] cryptodisk: Support key protectors, Gary Lin, 2024/04/12
- Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2, Stefan Berger, 2024/04/12
- Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2,
Gary Lin <=