| 16 Jul 2021 |
@grahamc:nixos.org | it would probably need to be an opinionated thing | 13:56:29 |
@grahamc:nixos.org | like "this won't work unless you follow our strict path =) my way or the highway " | 13:57:06 |
andi- | Ok, I actually think Fedora has done that stuff. There is that dracut plugin that allows you to do SSS, Password, remote unlock and TPM-based unlock etc. | 13:57:58 |
@grahamc:nixos.org | although in what I've set up here I get PCR validation and encrypted disks without using nvram state | 13:58:02 |
@grahamc:nixos.org | so it would only get wiped if they switched to windows and windows cleared the tpm | 13:58:31 |
andi- | https://aboutcher.co.uk/2020/06/fedora-linux-luks-encryption-with-tpm-unlock/ this sounds so easy :D | 14:02:06 |
hexa | oh right, clevis. | 14:02:51 |
andi- | Getting clevis to work on NixOS would already be amazing. SSS for unlocking a community computer is a common enough use case. | 14:03:33 |
hexa | right, that's when we looked into that | 14:03:59 |