Date: Wed, 15 Dec 2021 11:37:52 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 260138] TPM2 Support in bootloader / kernel in order to retrieve GELI passphrase
Message-ID: <bug-260138-227-rGDYlAcVCI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260138-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260138

--- Comment #1 from s.adaszewski@gmail.com ---
Added hard-coded PCR Extend on PCR8 to secure the case when the passphrase is
stored in the TPM but not retrieved. Bootloader permits the boot of an
arbitrary environment if the passphrase is not retrieved (i.e. no
/.passphrase_marker check), therefore it needs to be ensured that the policy
protecting the passphrase NVIndex includes PCR8 and therefore denies future
access in such a case.

-- 
You are receiving this mail because:
You are the assignee for the bug.
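
The mechanism the comment relies on, as an added example that is not part of the original message or the patch: a software model of the TPM 2.0 PCR extend and TPM2_PolicyPCR digest computations, showing that an NV index policy bound to PCR8 stops matching once PCR8 has been extended. It assumes the NV index authPolicy is a single PolicyPCR over the SHA-256 bank of PCR8; the measured values and function names are constructed for illustration.

```python
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F  # TPM 2.0 command code of TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, event_digest: bytes) -> bytes:
    """TPM2_PCR_Extend: new = H(old || digest); cannot be undone before reset."""
    return sha256(pcr + event_digest)


def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION holding one SHA-256 bank entry."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


def policy_pcr_digest(pcrs: dict) -> bytes:
    """policyDigest after one TPM2_PolicyPCR in a fresh policy session."""
    indices = sorted(pcrs)
    composite = sha256(b"".join(pcrs[i] for i in indices))
    return sha256(bytes(32) + struct.pack(">I", TPM_CC_POLICY_PCR)
                  + pcr_selection(indices) + composite)


def nv_read_allowed(auth_policy: bytes, current_pcrs: dict) -> bool:
    """The TPM authorizes the read only if the session digest equals authPolicy."""
    return policy_pcr_digest(current_pcrs) == auth_policy


def simulate():
    # Constructed PCR8 state at the time the passphrase NV index was defined.
    pcr8_sealed = pcr_extend(bytes(32), sha256(b"constructed loader measurement"))
    auth_policy = policy_pcr_digest({8: pcr8_sealed})
    before = nv_read_allowed(auth_policy, {8: pcr8_sealed})
    # Loader extends PCR8 with a fixed (here: constructed) value before handing off.
    pcr8_locked = pcr_extend(pcr8_sealed, sha256(b"constructed lockout value"))
    after = nv_read_allowed(auth_policy, {8: pcr8_locked})
    return before, after


if __name__ == "__main__":
    print(simulate())
```

A policy that does not include PCR8 would compute the same digest before and after the extend, which is why the comment requires PCR8 in the NV index policy.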
