16

I would like to seal away files on my system using keys stored in the TPM. Since my system uses UEFI to boot, I can no longer use TrustedGrub as a boot loader to maintain my trust chain. Are there any alternatives / ways to make use of the TPM on UEFI systems? Can Grub2 perhaps maintain the trust chain while booting UEFI?

1
  • Did you find any solution to your problem? I'm also interested in a similar approach. Perhaps TrustedBoot is an option? Commented Mar 17, 2015 at 23:02

2 Answers

1

There is currently no version of TrustedGRUB, respectively TrustedGRUB2, supporting both UEFI and TPM at the same time. The good news is that TrustedGRUB2 supports TPM, but not UEFI at the same time. So, a part of your request is possible.

https://github.com/Sirrix-AG/TrustedGRUB2

1.2 Features - TPM Support with TPM detection (only legacy/mbr mode, UEFI is not supported at the moment)

1

Matthew Garrett has a working GRUB2 fork with TPM support in UEFI mode.

https://github.com/mjg59/grub
