3 Oct 2024 |
mjm | right, you could do either | 17:33:01 |
ElvishJerricco | but I think the goal is to eventually improve boot.initrd.secrets so that instead of literally appending secrets into your initrd, it copies them into place for use with the systemd stub | 17:33:14 |
ElvishJerricco | and automatically encrypts them with the tpm or something like that if so desired by the user | 17:33:32 |
ElvishJerricco | oh cool. I hadn't tried bcachefs-fstab-generator's credential support with the TPM yet, and it just worked out of the box. I mean, I expected as much, but I also expect most of my expectations to be broken, so it's a nice surprise :P | 20:17:54 |
Jared Baur | @arianvp:matrix.org: just following up, did you post a minimal broken config with stc-ng? I may have missed it | 20:21:14 |
emily | In reply to @elvishjerricco:matrix.org ("It's one more thing for me to have to avoid leaking"): I think that if you leak your TPM key you need to rotate all your secrets anyway tbh | 20:21:38 |
raitobezarius | In reply to @elvishjerricco:matrix.org ("raitobezarius: do you think that would be reasonable?"): it's possible but the stub needs to understand that profile thing | 20:57:52 |
raitobezarius | (and basically we are just reinventing systemd addons, right?) | 20:58:17 |
raitobezarius | (our manifest is just a PE binary with a manifest section containing the data we care about) | 20:58:27 |
ElvishJerricco | yes except systemd addons have the problem that you can use the wrong combination of them | 20:59:12 |
raitobezarius | right, with manifest, this wouldn't happen | 20:59:26 |
raitobezarius | (and so you'd sign N + 1 things, the main stub, the N profiles) | 20:59:58 |
ElvishJerricco | yea | 21:00:07 |
raitobezarius | and each profile is a (kernel, initrd, etc…) combination | 21:00:10 |
raitobezarius | * and each profile is a (kernel, initrd, etc…) choice | 21:00:15 |
ElvishJerricco | yea, and like regular lanzaboote stub it would just contain the path and hash of the component rather than its contents | 21:00:42 |
ElvishJerricco | but yea the point is to separate code from manifest | 21:01:21 |
ElvishJerricco | e.g. so that one day we can have vendor signed lanzaboote and MOK signed manifests | 21:01:34 |
raitobezarius | which is achieved ironically by making the manifest an executable | 21:01:35 |
ElvishJerricco | yes :P | 21:01:44 |
raitobezarius | someday, secureboot 2.0 will happen | 21:01:59 |
ElvishJerricco | other than SBAT by default, what would you change? | 21:02:38 |
raitobezarius | well | 21:02:45 |
raitobezarius | secureboot 2.0 is already a thing | 21:02:48 |
ElvishJerricco | oh? | 21:02:53 |
ElvishJerricco | didn't know that | 21:02:55 |
raitobezarius | ~6 months ago, there was a presentation / discussions among the secureboot folks | 21:03:06 |
ElvishJerricco | is there a link? | 21:03:14 |
raitobezarius | i think they want to fix things like the fact that it's very non-democratic / non user owned | 21:03:16 |
raitobezarius | In reply to @elvishjerricco:matrix.org ("is there a link?"): not that i'm aware of | 21:03:29 |