Morten Linderud
`sbctl sign --save`
I don't really use `kernel-install`, so if it solves a problem you have please do send a patch :)
The issue is that `passphrase` implies that you write a longer passphrase. The point of using "PIN" is to tell people that with DA protection you can have a 4 digit...
I'll need to think a bit. Internally in the codebase I think it's better to use `userauth` instead of `pin` or `pass` to better convey what it actually is in...
Okay, I've decided. Drop the change from "pin" to "pass" in the codebase as I plan on changing the references to "userauth" which is the correct word in the context...
This is known. TPMs don't really support SHA-512 and for this to work I need to implement the signing operation on another layer.
You need to remove `rsa-sha2-512` as a valid signature algorithm. I can't remember from the top of my head how you do this.
Been working out this support for RSA keys lately. The WIP patch solves this, but I need to clean this up as I'm borrowing code from the Go stdlib. https://github.com/Foxboron/go-tpm-keyfiles/commit/7c417ef54dded774b57bed1415aa4bdc7665cfab
I've pushed the implementation from `go-tpm-keyfiles` and it should work. Will be part of the next release.
Yep, this sounds like a bug :) Thanks!