| 16 Jul 2021 |
@grahamc:nixos.org | but I'm thinking about how the bios can wipe it too | 13:24:08 |
andi- | That would mean that I must lock the tpm device away and only let root / a special user interact with it. | 13:24:25 |
andi- | I read some text that said that there are some hardware keys to adjust it | 13:24:38 |
@grahamc:nixos.org | you sort of need to do that anyway | 13:25:12 |
@grahamc:nixos.org | because the nvram isn't partitioned or anything, it has no fs, you just have offsets into the memory you write to | 13:25:35 |
andi- | So you need to coordinate offsets across all your tools? e.g. OpenConnect and my kerberos daemon must each know where they can write? | 13:26:50 |
@grahamc:nixos.org | mostly tools don't need to write to the nvram I think | 13:27:15 |
@grahamc:nixos.org | like, I think the nvram is for "I don't have a filesystem yet!" stuff, plus perhaps password attempt counters | 13:27:35 |