Daniel P. Berrangé <berra...@redhat.com> writes: > The way grub has to write its entire grub.conf into the TPM PCRs is > totally impractical for anyone wishing to maintain attestation > policies to verify the OS boot state from the TPM eventlog.
So this has been mentioned in several places, but no one in grub development has actually seen this problem articulated out, which makes me worry that it's spreading FUD. Could you write up a bug report or something concrete? Be well, --Robbie
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue