I do not see what should be provided in
tpm2-public-key-pcrs. The same values I am currently giving to
--tpm2-pcrs? the signatures that I get from the .pcrsig for 11 + the
calculated signatures for the current values of the PCRs 7 and 14?
Thank you very much for your time,
--
Felix Rubio
gned policy that gets calculated
out of that register is fulfilled. Should that be the case, this
additional control will not harm but I guess is a bit redundant for my
use case?
Thank you very much for your time,
--
Felix Rubio
"Don't believe what you're told. Double check."
Hi everybody,
I am kind of lost, and after some hours giving a look at the issue...
maybe somebody can give me a hand? I am working on the PR
https://github.com/systemd/systemd/pull/28339, to provide a way to
specify literals for the PCRs. As part of this PR I am creating a
hashmap of hashmap
Nope: AMD Ryzen 7 6800H,
But thank you for the suggestion!
Felix
On 2023-07-07 09:07, Christian Hesse wrote:
Felix Rubio on Thu, 2023/07/06 18:07:
Using arch linux, I have had my kernel upgraded from 6.3.9 to 6.4.1.
After regenerating the UKI, that works, I get just a black screen when
have
checked and there's been no update about that.
Is there any way to set systemd in verbose mode, so that I get more
information before the black screen?
Thank you,
Felix
t with the actual values of PCRs 7, 14 and 11.
Do you guys think this approach is sound?
Thank you,
Felix
On 2023-07-05 14:26, Lennart Poettering wrote:
On Mi, 05.07.23 13:11, Felix Rubio ([email protected]) wrote:
For what is explained on the systemd-pcrphase.service(8) and
comparing
it to what I
I understand that, but systemd-measure is only about PCR 11. Is there
any way to provide a list of PCRs, so that additionally can be embedded
on the UKI?
Thank you,
Felix
On 2023-07-05 14:26, Lennart Poettering wrote:
On Mi, 05.07.23 13:11, Felix Rubio ([email protected]) wrote:
For what is
shim have not changed, or to have only PCR 11 so that I know that the
UKI has not changed although SB can potentially be even disabled
(please, correct me if wrong)?
Thank you!
Felix
On 2023-07-05 10:36, Lennart Poettering wrote:
On Mi, 05.07.23 08:30, Felix Rubio ([email protected]) wrote
documentation on systemd-measure (that I am not using
at the moment): could it be that there are events added to PCR 11 after
the unlocking has happened, so that I am enrolling the wrong PCR value?
Otherwise... what am I doing wrong?
Felix
do something similar with systemd-cryptenroll?
Regards!
--
Felix
Hi Lennart, Andrei, Adrian
Understood, and thank you very much :-) then 7+11+14 it is.
Regards!
---
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-06-19 17:21, Lennart Poettering wrote:
On So, 18.06.23 20:56, Felix Rubio ([email protected]) wrote:
use of outdated UKI is not possible.
Thank you!
Felix
On 2023-06-19 14:04, Andrei Borzenkov wrote:
On 19.06.2023 10:19, Felix Rubio wrote:
"Signed by whom?" - Signed by an actor trusted by Secure Boot, either
at
the platform level, or by any of the Shim contributors (I have not
c
" - The one I generated and enrolled into
MOK.
Regards!
Felix
On 2023-06-19 06:26, Andrei Borzenkov wrote:
On 18.06.2023 21:56, Felix Rubio wrote:
Hi everybody,
After some days offline, today I have gone through the emails
exchanged
a couple of weeks ago and agreed: UKI is the way to go.
gards,
Felix
partition, and to not get involved yet with UKI.
Now I am trying to work out a way to smooth the case when after a kernel
/ modules update the TPM state changes and will not unlock
automatically... but this for another day, I guess :-)
Thank you very much for your help!
--
Felix Rubio
"
-pcrs=0+1+7+9
Then, by using PCR9 the initrd would be checked before allowing the boot
sequence to continue. By doing this, then, I do not have to switch to
UKI until I have learned more about it.
Do you guys think this reasoning is flawed?
Thank you,
---
Felix Rubio
"Don't believe w
fi so that it gets picked up by shim
3. Generate the UKI to /boot/
I will give it a try... and see how it goes.
Regards!
--
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-05-25 10:26, Lennart Poettering wrote:
On Mi, 24.05.23 19:01, Felix Rubio (fe...@kngnt
initramfs on a PE envelope, as you suggested,
when then its signature be validated automatically? when it gets loaded?
Because, if so... this would work enough for this use case.
Thank you
---
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-05-24 18:11,
What are your
thoughts?
Regards,
--
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-05-24 14:35, Lennart Poettering wrote:
On Mi, 24.05.23 12:22, Felix Rubio ([email protected]) wrote:
I agree that having a measured boot, that decrypts the system is
-boot, or this is something that is
considered to be just out of scope?
Thank you
---
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-05-23 21:32, Andrei Borzenkov wrote:
On 23.05.2023 21:54, Felix Rubio wrote:
Hi everybody,
I am trying to understand
the use of UKI...
but this comes with its own problems about out-of-tree kernel modules
and so.
So, the question is: why the kernel image gets verified but not the
initramfs? Is this mandated by some standard, or is an engineering
decision?
Thank you very much!
--
Felix Rubio
"Don
Thank you Lennart. When I separated the /boot from /boot/efi I
formatted /boot partition with ext2. After reading your answer I
reformatted it to FAT and... all works.
Regards!
---
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-05-23 10:51, Lenn
?
Regards,
--
Felix Rubio
"Don't believe what you're told. Double check."
sys/class/net/ens19` for applying a changed
.link file to my link.
On Tue, Mar 3, 2020, 10:59 Mantas Mikulėnas wrote:
>
>
> On Mon, Mar 2, 2020, 16:59 Felix <mailto:[email protected]>> wrote:
>
> Hello everybody,
>
> I'm failing to set an ali
on context.
```
How can I set the link alias using systemd-networkd?
Thanks,
Felix
___
systemd-devel mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
this specific case
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Lennart Poettering composed on 2016-05-30 17:37 (UTC+0200):
> Felix Miata wrote:
>> Lennart Poettering composed on 2016-05-29 18:40 (UTC+0200):
>> >Felix Miata wrote:
>> >>The message I see is equivalent in form as during boot, e.g. when a
>> >>files
Lennart Poettering composed on 2016-06-02 13:21 (UTC+0200):
Felix Miata wrote:
Anyone else notice this happening? Known problem?
[ 848.647555] systemctl[666]: segfault at 0 ip 561573dc3c03 sp
7ffeddbff490 error 4 in systemctl[561573d51000+a3000]
Please provide a proper
New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Lennart Poettering composed on 2016-05-29 18:40 (UTC+0200):
Felix Miata wrote:
The message I see is equivalent in form as during boot, e.g. when a
filesystem not noauto in fstab is to be mounted but cannot be found, so a
delay of typically 90sec, but sometimes much longer, occurs. Mount
Mantas Mikulėnas composed on 2016-05-27 20:05 (UTC+0300):
Lennart Poettering wrote:
Felix Miata wrote:
Did this ever get fixed? IOW, sometimes a service will fail to start when a
system is started, or later, after a session of updating, a previously
operating service fails to restart, or
e messages.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
oredom :-)
Thank you very much for your workaround suggestion,
Felix
I'd like to know if resolved can redirect DNS queries for certain domains to
different name servers?
rationale: I want to query a few DNS black lists but my provider's name
servers have been blocked because they send too many queries to the BL.
However my intended usage qualifies for the "free" t
tanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Lennart Poettering composed on 2015-04-16 12:40 (UTC+0200):
> Felix Miata wrote:
>> I asked the following on freedesktop list a month ago and got no response. As
>> there was quite some time between this showing up in Fedora and Tumbleweed,
>> and Tumbleweed only lately upgr
Lennart Poettering composed on 2015-04-16 12:32 (UTC+0200):
> Felix Miata wrote:
>> Needing again to CAD on yet another machine (kt88b this time, kt400 earlier),
>> again encountering / going into RO state, I noticed this time the message
>> "Ctrl-Alt-Del was pressed m
Lennart Poettering composed on 2015-04-16 12:16 (UTC+0200):
> Felix Miata wrote:
>> Zbigniew Jędrzejewski-Szmek composed on 2015-04-15 18:11 (UTC):
>> > On Wed, Apr 15, 2015 at 13:31:38 -0400, Felix Miata wrote:
>> >> This isn't the first time or the onl
e two bugs, one against Nouveau and another
against Radeon? Has no one else here encountered this?
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata
Felix Miata composed on 2015-04-15 14:48 (UTC-0400):
> Zbigniew Jędrzejewski-Szmek composed on 2015-04-15 18:11 (UTC):
>
>> On Wed, Apr 15, 2015 at 13:31:38 -0400, Felix Miata wrote:
>
>>> This isn't the first time or the only system. This particular one is an old
Zbigniew Jędrzejewski-Szmek composed on 2015-04-15 18:11 (UTC):
> On Wed, Apr 15, 2015 at 13:31:38 -0400, Felix Miata wrote:
>> This isn't the first time or the only system. This particular one is an old
>> Athlon booted to F22 just updated last night. In order to try some f
ux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Chris Murphy composed on 2015-01-28 23:51 (UTC-0700):
> Felix Miata wrote:
>> Chris Murphy composed on 2015-01-27 23:29 (UTC-0700):
>>> Felix Miata wrote:
>>>> Lennart Poettering composed on 2015-01-28 02:03 (UTC+0100):
>>>>> Hmm, Fedora doesn
Chris Murphy composed on 2015-01-27 23:29 (UTC-0700):
> Felix Miata wrote:
>> Lennart Poettering composed on 2015-01-28 02:03 (UTC+0100):
>>> Hmm, Fedora doesn't obey root=? That sounds like a bug.
> I'm not sure what it means, Fedora doesn't obey root=. S
Lennart Poettering composed on 2015-01-28 02:03 (UTC+0100):
> Felix Miata wrote:
>> Both. When they occur during init they repeat during shutdown. Even when I
>> let init complete and succeed to fix the typo or oversight, the init failure
>> gets remembered and repeated a
Lennart Poettering composed on 2015-01-28 02:33 (UTC+0100):
>>> Felix Miata wrote
...
> So, I actually implemented this now. Or actually, I only implemented
> the part about C-A-D triggering a reboot. I picked 7x per 2s as limit
> though, seemed easier to me.
> It should b
Andrei Borzenkov composed on 2015-01-20 11:24 (UTC+0300):
> Felix Miata wrote:
>> When they occur during init they repeat during shutdown. Even when I
>> let init complete and succeed to fix the typo or oversight, the init failure
>> gets remembered and repeate
Andrei Borzenkov composed on 2015-01-20 06:35 (UTC+0300):
> Mon, 19 Jan 2015 17:59:41 -0500 Felix Miata composed:
>> Has anything been done in more recent releases about this? I do a lot of
>> cloning, and sometimes produce typos on grub cmdlines and fstab lines. This
>> pr
nt
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Andrei Borzenkov composed on 2014-10-21 12:12 (UTC+0400):
> Felix Miata wrote:
>> Andrei Borzenkov composed on 2014-10-21 11:29 (UTC+0400):
>>> Felix Miata wrote:
>>>> I have 27 Fedora 21 & 22 installations to real hardware, all originating
>>>>
Andrei Borzenkov composed on 2014-10-21 11:29 (UTC+0400):
> Felix Miata wrote:
>> I have 27 Fedora 21 & 22 installations to real hardware, all originating via
>> HTTP process. Half work as expected. Those that do have NetworkManager not
>> installed, and have
erbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
On 2014-03-28 11:45 (GMT) Colin Guthrie composed:
Felix Miata composed:
On 2014-03-27 21:46 (GMT-0300) Cristian Rodríguez composed:
Felix Miata composed:
I see this repeated often during reboot attempts that do not proceed as
expected to swiftly do the deed. It seems to be
On 2014-03-27 21:46 (GMT-0300) Cristian Rodríguez composed:
Felix Miata composed:
I see this repeated often during reboot attempts that do not proceed as
expected to swiftly do the deed. It seems to be prerequisite to
shutdown/reboot. I can't recall ever seeing anything like it when
sys
:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
Hi,
I develop Python software and some of this software comes with a Python
daemon which is started during boot. I can write a service file easily,
just starting the daemon as I do now with a traditional init script.
If I understand the concept correctly, my daemon should use socket-based
ac
d
to pass any other arguments on the kernel command line?
Thanks for your assistance
Felix