On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote: > > > On 4/12/24 04:39, Gary Lin via Grub-devel wrote: > > GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11 > > > > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by > > Hernan Gatta to introduce the key protector framework and TPM2 stack > > to GRUB2, and this could be a useful feature for the systems to > > implement full disk encryption. > > You also need to extend the documentation with the command line steps and a > IMO there has to be a warning for VM users that sealing to PCRs inside a VM > is dangerous since the next packages update may bring an update to TianoCore > UEFI/SeaBIOS/SLOF/... showing different PCR values and unsealing will not > work then. > For baremetal users, it still could happen after upgrading the firmware. We surely need a place to notice users this situation when using PCR 0~7.
Thanks, Gary Lin _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
