Re: [systemd-devel] Usage of PCR[7]

2023-06-05 Thread Andrei Borzenkov
On Tue, Jun 6, 2023 at 8:20 AM Mantas Mikulėnas wrote: > > On Mon, Jun 5, 2023 at 11:38 PM Adrian Vovk wrote: >> >> >> 2. The alternative approach involves pre-calculating PCR[7] on the >> client if we're updating DBX or Shim. Here's how I envision this >> going: >> - We read the TPM log (which w

Re: [systemd-devel] Usage of PCR[7]

2023-06-05 Thread Mantas Mikulėnas
On Mon, Jun 5, 2023 at 11:38 PM Adrian Vovk wrote: > > 2. The alternative approach involves pre-calculating PCR[7] on the > client if we're updating DBX or Shim. Here's how I envision this > going: > - We read the TPM log (which we can trust because we're currently > booted to system verified via

[systemd-devel] Usage of PCR[7]

2023-06-05 Thread Adrian Vovk
Hello all, I'm working on a general-purpose distro modeled after the proposal made in "Fitting Everything Together". I'm planning to, by default, seal the data partition's encryption with the following PCRs: - PCR[7]: If secure boot gets turned off, or keys get replaced -> fail decryption - PCR[11

Re: [systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

2023-06-05 Thread Valentin David
On Mon, Jun 5, 2023 at 11:09 AM Lennart Poettering wrote: > On Mo, 05.06.23 10:41, Valentin David (valentin.da...@canonical.com) > wrote: > > > On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering < > lenn...@poettering.net> > > wrote: > > > > > On So, 04.06.23 14:25, Valentin David (valentin.da...@

Re: [systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

2023-06-05 Thread Lennart Poettering
On Mo, 05.06.23 11:09, Lennart Poettering (lenn...@poettering.net) wrote: > On Mo, 05.06.23 10:41, Valentin David (valentin.da...@canonical.com) wrote: > > > On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering > > wrote: > > > > > On So, 04.06.23 14:25, Valentin David (valentin.da...@canonical.com)

Re: [systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

2023-06-05 Thread Lennart Poettering
On Mo, 05.06.23 10:41, Valentin David (valentin.da...@canonical.com) wrote: > On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering > wrote: > > > On So, 04.06.23 14:25, Valentin David (valentin.da...@canonical.com) > > wrote: > > > > > I have been trying to create a root partition from initrd with >

Re: [systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

2023-06-05 Thread Valentin David
I think that behavior was introduced by https://github.com/systemd/systemd/commit/48a09a8fff480aab9a68e95e95cc37f6b1438751 On Mon, Jun 5, 2023 at 10:41 AM Valentin David wrote: > > > On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering > wrote: > >> On So, 04.06.23 14:25, Valentin David (valentin.

Re: [systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

2023-06-05 Thread Valentin David
On Mon, Jun 5, 2023 at 9:56 AM Lennart Poettering wrote: > On So, 04.06.23 14:25, Valentin David (valentin.da...@canonical.com) > wrote: > > > I have been trying to create a root partition from initrd with > > systemd-repart. The repart.d file for this partition is as follows: > > > > [Partition]

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-06-05 Thread Lennart Poettering
On Sa, 27.05.23 08:31, Felix Rubio (fe...@kngnt.org) wrote: > Hi Lennart, > > I remember having read some time ago that UKI could pose problems with > early-boot modules provided by vendors and so. But... let's give it a try! > Then, the process should be: > > 1. Install a version of shim signed w

Re: [systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

2023-06-05 Thread Lennart Poettering
On Mo, 29.05.23 11:42, Felix Rubio (fe...@kngnt.org) wrote: > Hi everybody, > > Continuing the work/learning path I started last week, I have had a > development: Still with shim loading systemd-boot, which can read the kernel > and initramfs from XBOOTLDR partition, I have introduced LUKS to encr

Re: [systemd-devel] triggering a remove handler manually via cmd

2023-06-05 Thread Mantas Mikulėnas
Technically yes, `udevadm trigger --action=` can be used to trigger rules for any kind of action including remove (or just writing 'remove' into the corresponding device's "/sys/.../uevent" file), just keep in mind that this won't *actually* remove the device...which might result in udev and other

Re: [systemd-devel] systemd-repart very slow creation of partitions with Encrypt=

2023-06-05 Thread Lennart Poettering
On So, 04.06.23 14:25, Valentin David (valentin.da...@canonical.com) wrote: > I have been trying to create a root partition from initrd with > systemd-repart. The repart.d file for this partition is as follows: > > [Partition] > Type=root > Label=root > Encrypt=tpm2 > Format=ext4 > FactoryReset=yes

Re: [systemd-devel] triggering a remove handler manually via cmd

2023-06-05 Thread Lennart Poettering
On Mo, 05.06.23 07:46, daggs (da...@gmx.com) wrote: > Greetings, > > given a rule file which has a add and remove handlers, is there a > way to manually trigger the remove handler of that file? I cannot parse this, sorry. Lennart -- Lennart Poettering, Berlin