| 6 Jan 2023 |
|  @bbigras:matrix.org left the room. | 06:19:02 |
| 18 Jan 2023 |
|  Fabián Heredia joined the room. | 03:52:48 |
 Julian Stecklina (Old) | hey everyone. Is there a good overview somewhere what the different TPM PCRs are usually used for? | 13:19:14 |
 linj | In reply to @js:ukvly.org
hey everyone. Is there a good overview somewhere what the different TPM PCRs are usually used for? https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ | 13:30:05 |
| Julian Stecklina (Old) | Thanks! 👍 | 17:48:47 |
 ElvishJerricco | Julian Stecklina: for something much more Linux specific, check the man page for systemd-cryptenroll | 23:38:32 |
| 19 Jan 2023 |
|  @ronnypfannschmidt:matrix.org changed their profile picture. | 08:34:25 |
| 20 Jan 2023 |
|  @emantor:stratum0.org left the room. | 09:23:52 |
| 28 Jan 2023 |
| ElvishJerricco | https://github.com/systemd/systemd/pull/26185
This sounds like you won't be able to just systemd-cryptenroll with a TPM anymore without taking ownership of the TPM, is that right?
| 18:05:20 |
| ElvishJerricco | Zhaofeng Li: ^ This might be relevant for us with our Steam Deck set ups. | 18:09:40 |
 Zhaofeng Li | Hmm possibly, we should ask | 18:37:54 |
| 30 Jan 2023 |
| ElvishJerricco |
If the owner auth is empty, you have a worthless TPM
Can anyone explain what they mean by this?
| 21:12:41 |
| 31 Jan 2023 |
 baloo | His concerns seems to be that someone would be able to nuke the keys. | 17:37:21 |
| baloo | (you need to auth with the password for the lockout hierarchy to issue a tpm clear on the owner hierarchy) | 17:38:03 |
| baloo | not entirely sure what the owner auth refers to? You'd need that to tpm2_nvundefine I guess? | 17:39:22 |
| baloo | if you want a sandbox to play with that:
https://gist.github.com/baloo/dcc7dc2405063a151ca527b79893170c | 17:43:16 |
| 1 Feb 2023 |
 @grahamc:nixos.org | what's a few nuked keys between friends | 14:59:43 |
| 2 Feb 2023 |
| ElvishJerricco | baloo: I'm still very confused about what that PR actually does, and the author was very dismissive and unhelpful when I asked. | 15:30:46 |
| baloo | Yeah that’s the curse of tpm I guess. Everyone has an opinion but everyone is always wrong. Except mjg59 | 16:30:52 |
| ElvishJerricco | baloo: Yea it was mentioned to me that that person might have a good explanation about TPM stuff somewhere but I didn't really find anything browsing their blog | 19:16:20 |
| ElvishJerricco | I mean I saw some stuff basically outlining measured boot and whatnot but that's not really what I'm not understanding | 19:16:54 |
| baloo | who's that? | 19:16:57 |
| ElvishJerricco | mjg | 19:17:06 |
 raitobezarius | mjg59 | 19:17:07 |
| baloo | ha, yeah. well I do enjoy his fediverse's feed | 19:17:43 |
| baloo | * ha, yeah. well I do enjoy his fediverse feed | 19:17:50 |
|  Matthew joined the room. | 21:44:55 |
| 3 Feb 2023 |
 flokli | I tried backporting the systemd tpm fixes into the current stable release, but tripped an assertion: https://github.com/NixOS/nixpkgs/pull/214383 | 16:54:57 |
| 4 Feb 2023 |
| ElvishJerricco | This ended up being incredibly helpful for my SRK questions and generally does a good job explaining all aspects of the TPM at a high level: https://google.github.io/tpm-js/ | 03:19:46 |
| 20 Feb 2023 |
|  mixis set a profile picture. | 18:09:00 |
