| 16 Jul 2021 |
 andi- | Yeah | 12:42:10 |
 @grahamc:nixos.org | :) | 12:42:14 |
|  spacesbot - keeps a log of public NixOS channels | 13:00:04 |
| andi- | So yesterday I was able to wipe my state without th ecorrect password IIRC. All I did was call tpm2_clear. | 13:16:47 |
| andi- | How do you protect against that? | 13:17:04 |
| andi- | IIRC I did set two passwords when I first setup secrets. | 13:17:24 |
| @grahamc:nixos.org | interesting | 13:21:19 |
| @grahamc:nixos.org | not sure you can actually | 13:21:38 |
| @grahamc:nixos.org | maybe you can | 13:21:44 |
| @grahamc:nixos.org | but I'm thinking about how the bios can wipe it too | 13:24:08 |
| andi- | That would mean that I must lock the tpm device away and only let root / a special user interact with it. | 13:24:25 |
| andi- | I read some text that said that there are some hardware keys to adjust it | 13:24:38 |
