Kevin Fenzi writes:
> What does 'support for clevis' there look like? you mean just binding a
> encrypted drive to look for clevis servers on boot?
Yes, currently we only support the "tang" pin.
> I think tpm2 might be good, but lots of machines don't have tpm2.
> So I would think it would
Richard Hughes writes:
> On Wed, 8 Jul 2020 at 09:59, Marius Vollmer wrote:
>> As I understand it, there is a lot of evolving OS specific subtlety
>> involved, so I am asking specifically how this would look on current
>> Fedora and what to expect in the near future.
>
> Just a heads-up; the PC
On Wed, 8 Jul 2020 at 09:59, Marius Vollmer wrote:
> As I understand it, there is a lot of evolving OS specific subtlety
> involved, so I am asking specifically how this would look on current
> Fedora and what to expect in the near future.
Just a heads-up; the PCR0 changes when you upgrade the sy
On Wed, Jul 08, 2020 at 11:58:58AM +0300, Marius Vollmer wrote:
> Hi,
>
> we have some rudimentary support for Clevis in the Cockpit Web Console,
> and now the question is, should we add support for "tpm2" to that?
What does 'support for clevis' there look like? you mean just binding a
encrypted
Hi,
we have some rudimentary support for Clevis in the Cockpit Web Console,
and now the question is, should we add support for "tpm2" to that?
As I understand it, there is a lot of evolving OS specific subtlety
involved, so I am asking specifically how this would look on current
Fedora and what t