Lennart Poettering

Results 1507 comments of Lennart Poettering

It showed up in July 2021, see linked bug reports. people then tried to "fix" this with a change in systemd that I think is simply the wrong place. I...

btw, my current thinking about this, is that pid 1 allocates a socket, then connects it to the broker, does some minimal handshake, claims names, sets policies, and then waits...

> Buuut wouldn't fwupd be calling those methods when userspace is running (statistically including a desktop) too? Certainly having a D-Bus method to hit (even if a proxy) would make...

> to also make it D-Bus activated for non-early-boot stuff, so this shouldn't be a blocker

I am not sure that's true. turning it into a D-Bus service means processing...

> In the dbus method can we have a way to discover what PCRs they're bound to? We shouldn't _need_ to be doing anything for some PCRs. I don't grok...

> > If that makes any sense?
> >
> > So _effectively_ - if fwupd does _nothing_ today to influence this you will end up with PCR0 as part of the...

> > varlink is trivial btw: you just write some trivial JSON to some socket, followed by a NUL byte. then you read back a JSON object, which is terminated...

TCG CEL is spec'ed here btw: https://trustedcomputinggroup.org/resource/canonical-event-log-format/ We use the JSON flavour, because everything else is unnecessarily complicated I'd say. we use a minor derivative of it, i.e. don't do...

Well, on unattended systems it's kinda a necessity if you want to implement secure disk encryption. If we have to relax the security of the system to do firmware updates...