dann frazier
dann frazier
I'm unable to reproduce. I have a working clevis setup on focal (using latest `clevis` packages from focal-proposed), I installed `yubikey-luks` and confirmed I have `splash` & `quiet `on the...
A user can edit the GRUB command line, or bypass GRUB altogether. If you enable a TPM pin, it seems like you're just taking the risk that an attacker will...
I should be clear that I've never used TPM-based disk encryption, so I don't really understand the guarantees. Recovery mode is enabled by a kernel command line argument (`single`). It...
PCR ID 8 appears to store the kernel command line hash (per https://wiki.archlinux.org/title/Trusted_Platform_Module). I tried sealing some data to that hash: ``` $ echo secret > PT $ cat /proc/cmdline...
@ferdnyc @cole-seph-work I do agree that upgrading kernels with measured boot is not a smooth story - I'm not sure what work is being done in that area. But if...
> A testing python package has been uploaded to testing PyPI https://test.pypi.org/project/usn/ . Awesome! > @dannf you may want to have a look of the package page on testing PyPI...
I like that we're helping users "bootstrap" an autoinstall configuration from `ubuntu-server-netboot`, but I'm wary about trying to document the autoinstall syntax/features too much here. I'd prefer if we could...
Sure, it's possible, but would require some work. The issue I see is getting copies of `pxelinux.0` and `ldlinux.c32` (is that even needed?) from somewhere. There is an unused `download_pxelinux()`...
I think we should keep this open because it would be nice to not have to install Ubuntu before you can install Ubuntu :) One other blocker here is that...
I'm seeing this both on cosmic and Debian unstable.