| 14 Jun 2023 |
 Arian | Tailscale recently also added Webauthn support for first-party log in | 12:32:56 |
| Arian | and converting a TPM attestation to a Webauthn sig is actually defined in the CTAP/Webauthn spec | 12:33:08 |
| Arian | But if you wanna go the OIDC route. if you're on Google Cloud they now have an attestation service that allows you to exchange TPM quotes for OIDC tokens signed by accounts.google.com, | 12:34:02 |
| Arian | they'll check the EKCert and see if the hardware is signed by google and then give you an oidc token back | 12:34:31 |
| Arian | and check if machine is in correct state | 12:34:42 |
| Arian | (Of course each google cloud instance already comes with an OIDC token from the metadata service too) | 12:35:22 |
| 15 Jun 2023 |
 @lily:lily.flowers | In reply to @elvishjerricco:matrix.org
Lily Foster: And yea, there's probably a bunch of plymouth stuff to do... As promised, here's your Plymouth overhaul PR: https://github.com/NixOS/nixpkgs/pull/237908 (the quit-wait thing for rescue shells still needs work as it caused more problems than it fixed somehow in my testing -- could just be something with my VM though idk) | 11:15:21 |
 @elvishjerricco:matrix.org | awesome | 13:47:03 |
 K900 (deprecated) | Oh no | 13:47:39 |
| K900 (deprecated) | brb breaking my bootchain | 13:47:46 |
| @elvishjerricco:matrix.org | K900: ? | 13:48:12 |
| @elvishjerricco:matrix.org | oh, for new plymouth? | 13:48:24 |
| K900 (deprecated) | Yep | 13:48:27 |
| @lily:lily.flowers | Godspeed 🫡 | 13:48:29 |
| @elvishjerricco:matrix.org | yea I'll definitely be testing that on my desktop | 13:48:41 |
| K900 (deprecated) | Oh hey it actually works | 14:07:26 |
| K900 (deprecated) | Mostly | 14:07:26 |
| K900 (deprecated) | The annoying part is the sd-stub boot messages | 14:07:33 |
| K900 (deprecated) | But those will hopefully go away once we have lzstub + Project Bootloader | 14:07:58 |
| @elvishjerricco:matrix.org | sd-stub boot messages? | 14:08:29 |
| K900 (deprecated) | Unless they're refind boot messages | 14:09:07 |
| K900 (deprecated) | Which is also possible | 14:09:09 |
| @elvishjerricco:matrix.org | K900: What would sd-stub or refind have to do with plymouth? | 14:09:52 |
| K900 (deprecated) | Not Plymouth specifically | 14:11:09 |
| K900 (deprecated) | The Plymouth part works | 14:11:24 |
| K900 (deprecated) | The two mode switches before it kicks in though | 14:11:29 |
| K900 (deprecated) | Annoying | 14:11:30 |
| @elvishjerricco:matrix.org | ah i see | 14:11:46 |
| K900 (deprecated) | And I think I see the problem now | 14:11:59 |
| K900 (deprecated) | Kinda | 14:12:00 |
