Lennart Poettering
Lennart Poettering
> > I'd presume that Red Hat would like to offer its customers secure, unattended, confidentiality of data at rest > > It's not Red Hat we need to convince,...
> For now; I'm not convinced the specs have caught up enough to be able to do what you want to do. There are potentially multiple values for PCR0 for...
> Why does systemd-pcrlock need to be a command-line tool or a daemon? Why can’t it be a library with a C API? That would be trivial for an fwupd...
> Is it possible to store the old values in a backup NV index? > > I want firmware updates to do the following automatically: > > * Compute the...
If you submit two PolicyXYZ ops to the tpm2 they are combined in an AND, hence no need for an explicit PolicyAND.
> In any case, the broader point is that once the firmware upgrade has completed, the NV index should be changed to block booting with old firmware versions. basically, we'd...
Hmm, what's the precise usecase here? I mean, can see why one might combine a TPM2 device and a FIDO2 device. But SSSS is way over the top for that...
I wished llvm would have an option where they would allow typecasts that supposedly are safe, i.e. that cast from pointer types to void* and back. or are they claiming...
Is there some weird code in that user session? i.e. nvidia driver, fuse drivers, code hanging on dead NFS or such? usually this is just an artifact of such a...
is there something weird in the pam stack? something like that?