You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the user provides a trusted EK, we could verify that an interposer is not present (also we could provide a TOFU (trust on first use) for EK and verify before enrolling luks keys
Kernel 6.10 and above already disables tpm2 if the tpm is reset by an interposer, enabled by CONFIG_TCG_TPM2_HMAC and is enabled by default of x86_64 , this is disabled by default on arm64 since there's reports of very slow tpm initialization.
The text was updated successfully, but these errors were encountered:
Feature Request
Ref:
Description
If the user provides a trusted EK, we could verify that an interposer is not present (also we could provide a TOFU (trust on first use) for EK and verify before enrolling luks keys
Kernel 6.10 and above already disables tpm2 if the tpm is reset by an interposer, enabled by
CONFIG_TCG_TPM2_HMACand is enabled by default ofx86_64, this is disabled by default on arm64 since there's reports of very slow tpm initialization.The text was updated successfully, but these errors were encountered: