Date:      Sat, 29 Oct 2022 14:04:25 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 260138] TPM2 Support in bootloader / kernel in order to retrieve GELI passphrase
Message-ID:  <bug-260138-227-aUtyF1mW1A@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-260138-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260138

--- Comment #3 from s.adaszewski@gmail.com ---
Since for the moment there does not seem to be that much traction for
integrating it upstream, I have created a separate Git repository:

https://github.com/sadaszewski/freebsd-patch-geli-password-from-tpm2

which can somewhat intelligently patch any FreeBSD source tree and allows one to
build the TPM2-passphrase-aware bootloader and kernel.

I hope this will facilitate use by people who actually want/need it. I will
also start putting some unit tests in there, in particular for the TPM code
using swtpm + libtss2-tcti-swtpm - hopefully in the future all of it can be
mostly test-covered.

Soon, I will also throw in some scripts that automate the
TPM2 setup.

I also think about making a slight rewrite in a separate branch that would
indeed use TPM2 encrypting facilities rather than NV store, as suggested in the
mailing list thread. I can now see how this would be a much better solution
overall - with the config and encrypted passphrase that could reside simply in
a file on the EFI partition.

-- 
You are receiving this mail because:
You are the assignee for the bug.
