Lightly rearchitecting how we do UEFI Secure Boot on Linux so it's easier to use TPMs: https://t.co/GOtNqqgZeh
— Matthew Garrett (@mjg59) July 18, 2017
http://mjg59.dreamwidth.org/48897.html
This similar to the Heads approach: unseal the TPM secret, extend the PCRs, embed the LUKS key into initrd and kexec into the real kernel. pic.twitter.com/AaDru6TpKy
— Trammell Hudson ⚙ (@qrs) July 18, 2017