Questions tagged [tpm]

Question 1

I've been trying to find information about how systemd-cryptenroll performs full-drive encryption with LUKS. I understand that the LUKS header allows multiple keyslots, and that using the TPM as a ...

Question 2

I want to run an Alpine Linux VM and want to connect the host's TPM to the VM. The host is x86_64 based. The command for qemu is qemu-system-aarch64 \ -m 1024 -cpu cortex-a57 -M virt \ -bios /...

Question 3

Firstly, greetings and I hope you the reader is doing well. I have spent the last five days barely sleeping. I have been doing search engine research on many IT sites including Stack Exchange and also ...

Question 4

On Debian, how can I instruct clevis/initramfs to unlock two LUKS devices before booting? I currently have both devices configured to be unlocked through TPM2, which is correctly configured as I can ...

Question 5

I recently installed Ubuntu on an old SSD, as I wanted to test out some software on a different OS. After installing Ubuntu (using debootstrap, arch-chroot and apt), my EFI's NVRAM boot order got ...

Question 6

Question 7

Currently, I try to understand how a measured boot is working and what components log what in which pcr of a tpm2. I have a test-setup with uefi-secure boot enabled and a tpm2 attached in a kvm ...

Question 8

TPMs are supposed to solve a chicken and egg problem of where to store unencrypted disk encryption keys such that someone can't simply pop another hard drive in the machine, boot a different OS and ...

Question 9

I have been investigating using the TPM2.0 for secure persistence of secrets using the tpm2-tools. It seems sealing objects are the way to go for this kind of thing. I am hoping someone here might be ...

Question 10

In order to do that, I think it's possible to make the password hash dependent on the TPM: that way, an attacker would need to invoke the TPM for every password hash, limiting the speed of password ...

Question 11

System: Fedora 37, Gnome 43 I enabled LUKS encryption on setup and enabled auto-decrypt via TPM 2 with following an article from Fedora Magazine. Auto-decrypt works but while it decrypts, it shows the ...

Question 12

I have been trying to get LUKS disk encryption with TPM2 working on an HP EliteBook 850 G8 running Kali Linux 2022.3. However, I am struggling to get TPM2 disk decryption added to Initramfs. Steps I ...

Question 13

I cannot figure out how to get clevis to auto-decrypt my root partition on boot. What I want I want to use the TPM2 chip on my kali PC to have an encrypted disk that self-decrypt on boot. The main ...

Question 14

The man page for tpm2_load has the following example: To load an object you first must create an object under a primary object. So the first step is to create the primary object. tpm2_createprimary -...

Question 15

I have an Ubuntu 20.04 machine setup that I am trying to configure for disk encryption. I am trying to setup auto unlock, but my configuration has not worked so far, and I am always prompted for a ...

Stack Exchange Network

Questions tagged [tpm]

Does systemd-cryptenroll encryption with a TPM bind decryption to that TPM?

TPM2 in qemu running aarch64 alpine linux

Desperate and sleepless, after days of attemps still can't auto-unlock LUKS with TPM, I want to cry, what am I doing wrong?

Unlock two LUKS devices before booting with clevis/initramfs

When do TPM slots fail to unlock partitions and how to correctly update them?

GPG Key to TPM. error from TPM: Card error

How and when is `/sys/kernel/security/tpm0/binary_bios_measurements` exposed?

How must I configure Debian or Ubuntu to ensure there's a chain of trust from TPM to Login?

Why can TPM2.0 sealing objects created under password-protected primary keys be loaded and used elsewhere without that password?

LUKS: Use TPM to make password hash function resistant to parallellized cracking

I Have LUKS Enabled And Integrated With TPM 2. How To Hide Passphrase Screen?

cryptsetup ignoring unknown option 'tpm2-device'

Clevis auto decrypt not wokring ( Kali 2022.2 + LUKS + TPM2 + Clevis )

What is a TPM2 "object context"?

Ubuntu 20.04 clevis-luks setup auto unlocking not working

Hot Network Questions