@kernellogger Thanks for the great article and documentation! Ironically, I started fiddling with TPM-based LUKS decryption during bootup recently and I asked myself those questions (as most guides online will only suggest measuring PCR 1 and 7, e.g. when using Clevis, which might be sufficient if the threat model is considering it secure enough).
I fear securing bootup on Linux will take years, even if tools like systemd's features are already in place.
=> More informations about this toot | View the thread | More toots from elfy@chaos.social