Jonas Witschel

Results 19 comments of Jonas Witschel

The StackOverflow question ["Import module deadlock (using Py_NewInterpreter)"](https://stackoverflow.com/questions/23675729/import-module-deadlock-using-py-newinterpreter) appears to be related:

> Using multiple interpreters is incompatible with extensions that call `PyGILState_Ensure`, such as PySide (check the backtrace). It's...

Regarding the necessary `CAP_DAC_OVERRIDE` capability, see #289 for more information and an alternative to adding this potentially dangerous capability.

If I understand correctly, this is currently unsupported by the [tpm2-tss](https://github.com/tpm2-software/tpm2-tss) library that this project relies on: calculating a CMAC on a TPM seems to require using the `TPM2_MAC` command,...

> > Thanks for the explanation. MITRE seems to have a pretty broad license[1](https://github.com/archlinux/arch-security-tracker/issues/198#user-content-fn-1-2b06b44212a95dfd897ee5fb2b0bbab8) and explicitly allows derivative works and sublicensing:
>
> > Right, but since we reuse a text...

> * We do write the impact and mitigation sections of the ASA. The impact is indeed usually written completely by us. Mitigations are often taken from the upstream advisory...

This should hopefully be fixed by #794, could you test whether applying that patch removes the

```
dracut-initqueue[518]: Failed to start [email protected]: Unit [email protected]: Unit [email protected] not found.
```

error?

I like `init` and `show` - the latter also matches the naming of the [`show-tpm2-totp`](https://github.com/tpm2-software/tpm2-totp/blob/master/dist/show-tpm2-totp) helper that we use internally.

> P.S.: I hope, creating a number of issues is...

Good point! I don't think we want PCR 6 because this register measures every suspend to disk event (and fails to calculate the TOTP afterwards accordingly), which I don't think...

> Not sure, but I believe one could argue that PCR 6 is indeed very essential to protect against evil maid attacks - after all, during S3 / suspend-to-RAM, an...

> Hmm, I'd say all threat models that `tpm2-totp` is supposed to protect against currently already fall into the category of 'tampering', e.g. reflashing the firmware/Option ROMs, manipulating the ESP,...