| 28 Apr 2023 |
 baloo | other than that, it's a plain hash of the file. | 17:33:34 |
| baloo | ( https://github.com/m4b/goblin/pull/362/files ) | 17:34:54 |
| 8 May 2023 |
|  @pedrohlc:mozilla.org changed their profile picture. | 13:33:33 |
| 12 May 2023 |
|  @samueldr:matrix.org changed their profile picture. | 02:29:46 |
|  lassulus changed their profile picture. | 10:12:06 |
| lassulus changed their profile picture. | 13:39:13 |
| 14 May 2023 |
|  sympt joined the room. | 07:33:28 |
| 15 May 2023 |
 GenericNerdyUsername | idk if this is more of a question for https://matrix.to/#/#secure-boot:nixos.org, but https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/ says PCR 7 changes when UEFI SecureBoot mode is enabled/disabled, or firmware certificates (PK, KEK, db, dbx, …) are updated. The shim project will measure most of its (non-MOK) certificates and SBAT data into this PCR. | 20:38:49 |
| GenericNerdyUsername | What do I do if I want to update the dbx? | 20:39:15 |
| GenericNerdyUsername | * What do I do if I want to update the dbx, but have a key sealed against PCR7? | 20:40:34 |
| GenericNerdyUsername | * idk if this is more of a question for https://matrix.to/#/#secure-boot:nixos.org, but https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/ says PCR 7 changes when UEFI SecureBoot mode is enabled/disabled, or firmware certificates (PK, KEK, db, dbx, …) are updated. | 20:40:43 |
| GenericNerdyUsername | Or rather, how do I prevent this being a problem in the future? | 20:41:06 |
| GenericNerdyUsername | (Im setting up full disk encryption with the key stored in the tpm) | 20:41:18 |
 Julian Stecklina (Old) | As long as you have another key to unlock the volume and reenroll its key, you should be fine | 21:41:09 |
| baloo | https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part1_Architecture_pub.pdf#page=158 :) | 21:43:28 |
| baloo | just add another layer of crypto | 21:44:26 |
| baloo | now you just need to add support for EA policies to ... everything? | 21:45:46 |
| 25 May 2023 |
|  raitobezarius changed their display name from raitobezarius to disko in NixOS 23.11 when. | 13:32:34 |
| raitobezarius changed their display name from disko in NixOS 23.11 when to raitobezarius. | 13:37:35 |
| 27 May 2023 |
|  NixOS Moderation Botchanged room power levels. | 16:40:45 |
| 1 Jun 2023 |
|  @federicodschonborn:matrix.org joined the room. | 11:58:28 |
| 2 Jun 2023 |
|  mei 🌒& changed their display name from ckie (they/them; limited keyboard usage, voice preferred) to ckie (they/them). | 22:21:24 |
| 4 Jun 2023 |
|  eliaselias joined the room. | 09:05:47 |
| @federicodschonborn:matrix.org changed their profile picture. | 17:40:15 |
| 13 Jun 2023 |
| @federicodschonborn:matrix.org changed their profile picture. | 20:55:36 |
| 14 Jun 2023 |
|  @ronnypfannschmidt:matrix.org left the room. | 15:14:41 |
| 25 Jun 2023 |
 hexa | https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 | 22:56:37 |
| 26 Jun 2023 |
| raitobezarius | baloo: ^ | 08:32:23 |
| 27 Jun 2023 |
| baloo | wait, opened since Jan 19?! | 03:31:52 |
| baloo | fixed in 4.0.1 | 03:33:20 |
