| 26 Jan 2024 |
 ElvishJerricco | so you basically are using the TPM just for remote attestation | 23:03:38 |
 raitobezarius | And then on a reboot something change | 23:03:42 |
| ElvishJerricco | which authenticates the machine to gain access to its disk decryption key | 23:03:51 |
| ElvishJerricco | from a server | 23:04:00 |
| raitobezarius | You can prompt yourself on your phone or something to accept/refuse that new change, etc. | 23:04:02 |
| raitobezarius | In reply to @elvishjerricco:matrix.org
so you basically are using the TPM just for remote attestation Correct | 23:04:09 |
| ElvishJerricco | yea, that's really cool | 23:04:12 |
| ElvishJerricco | I really like the idea of having it ping my phone too | 23:04:20 |
| ElvishJerricco | because if I tie the secret to the phone somehow, then it's still manually authenticated | 23:04:38 |
| raitobezarius | Yep, I really want this prompt mechanism | 23:05:05 |
| ElvishJerricco | but it's just one convenient button press | 23:05:07 |
| ElvishJerricco | yea | 23:05:12 |
| ElvishJerricco | I like it | 23:05:13 |
| raitobezarius | And technically you can hold the encryption key in your phone's TPM2 | 23:05:17 |
