Morten Linderud
Morten Linderud
Current idea is to probably just mirror the existing `ssh` client tooling and rely on the same assumptions. It turns out that all of the tools query the agent when...
Generally, when doing UX we can't do worse then whateverthefuck PKCS11 is currently doing; https://jade.fyi/blog/tpm-ssh/
Everything should be included with this change: https://github.com/Foxboron/ssh-tpm-agent/pull/21
Yes, but for that I'd like a `Reseal` API to function. So I need to learn how this works in Go, along with probably implementing missing apis in `go-tpm`. See...
I suspect having `-s` is an issue.
> But I just thought we can't leave the UKI generation feature in sbctl broken if this really get accepted. Fwiw, it's already "almost" broken as the `ukify` wrapper from...
Which files did you sign before rebooting?
Please describe what you are expecting `sbctl sign-all` to do in these cases. From what I can tell you haven't told `sbctl` to sign the given file with `sbctl sign...
`sign-all` isn't printing any files, so there isn't any enrolled files.
There is no way for us to know nor infer that. If the system follows BLS then we can figure out the current bootchain, and maybe inspect the efivariables for...