| 15 Sep 2022 |
 ElvishJerricco | Zhaofeng Li: We do use the initrd directive. But (and I can't remember where I read this), I believe systemd-boot just converts that directive into an initrd= cmdline option. | 01:31:41 |
 Zhaofeng Li | If this is the case, the systemd-boot docs are dangerously incorrect. This is very surprising. | 01:33:00 |
| ElvishJerricco | That's what this wiki says: https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/ | 01:33:48 |
| ElvishJerricco | Where are the docs wrong about this? | 01:34:05 |
| ElvishJerricco | And yea, my boot entries on my desktop have an initrd directive, but obviously I still get that "Loaded initrd from command line option" message | 01:34:39 |
| Zhaofeng Li | I mean, the docs are wrong about initrd being measured in PCR 9 under normal usecases (the initrd directive) | 01:36:47 |
| ElvishJerricco | oh yes | 01:36:57 |
| ElvishJerricco | yes that's certainly true | 01:37:01 |
| ElvishJerricco | I don't have a way to test that right now or else I'd try it out to make sure | 01:37:18 |
| ElvishJerricco | (one of the next things I'm going to do in my bootspec-secureboot adventure is add TPM support to qemu-vm so I can test that with NixOS tests as well) | 01:37:58 |
| ElvishJerricco | (but for now my steam deck is my only tpm enabled device and I very much do not have nixos on it yet) | 01:38:18 |
| Zhaofeng Li | (as you mentioned - haven't checked the docs myself as I'm on my phone) | 01:38:27 |
| ElvishJerricco | * (one of the next things I'm going to do in my bootspec-secureboot adventure is add TPM support to qemu-vm.nix so I can test that with NixOS tests as well) | 01:38:30 |
| 18 Sep 2022 |
|  greaka left the room. | 11:35:26 |
| 19 Sep 2022 |
|  @cw:kernelpanic.cafe left the room. | 03:03:21 |
|  lassulus joined the room. | 15:43:04 |
| 24 Sep 2022 |
 @alexandre:iooss.fr | https://nixos.wiki/wiki/TPM I just started a new wiki page to help users to use their TPM on NixOS
There is still things that I don't understand, I have set security.tpm2.tctiEnvironment.enable=true and have the corresponding environment variables pointing to device,/dev/tpmrm0, but OpenSSH is still trying to init FAPI backend (and fail) | 13:21:04 |
| 30 Sep 2022 |
 Mic92 | Alexandre: nice. How do you backup such a key? | 11:53:10 |
| @alexandre:iooss.fr | In reply to @joerg:thalheim.io
Alexandre: nice. How do you backup such a key? I am still learning the spec, but maybe it is possible to import a key using tpm2-pkcs11 (which would allow a backup). It is clearly one of the question that needs to be answered on the wiki page ><" | 11:55:51 |
| 2 Oct 2022 |
 Leon | In reply to @alexandre:iooss.fr
https://nixos.wiki/wiki/TPM I just started a new wiki page to help users to use their TPM on NixOS
There is still things that I don't understand, I have set security.tpm2.tctiEnvironment.enable=true and have the corresponding environment variables pointing to device,/dev/tpmrm0, but OpenSSH is still trying to init FAPI backend (and fail) I think this might be something I've noticed all over the TPM2 domain. It seems that almost every tool chooses its own generic-sounding environment variable to rely on. | 19:16:40 |
| 5 Oct 2022 |
|  Rosuavio joined the room. | 19:08:59 |
| 6 Oct 2022 |
 @colemickens:matrix.org | there's a number of talks in this conf that are related to TPMs, but this one is particularly intriguing to me, maybe of interest to others here: https://www.osfc.io/2022/talks/user-friendly-lightweight-tpm-remote-attestation-over-bluetooth/ | 01:43:17 |
| 15 Oct 2022 |
|  @tinybronca:sibnsk.net changed their display name from underpantsgnome to underpantsgnome!. | 00:39:57 |
| 29 Oct 2022 |
|  uep joined the room. | 06:06:19 |
| 30 Oct 2022 |
|  Madoura joined the room. | 02:01:00 |
| 31 Oct 2022 |
| @tinybronca:sibnsk.net changed their display name from underpantsgnome! to underpantsgnome. | 20:29:22 |
| 16 Nov 2022 |
|  zuckerberg changed their profile picture. | 15:53:05 |
|  @omlet:matrix.org joined the room. | 20:34:18 |
| 17 Nov 2022 |
|  Mats joined the room. | 00:21:50 |
| ElvishJerricco | Is there a reasonable way to do remote attestation with the TPM? systemd doesn't seem to have anything included, and the tpm2-tools CLI and documentation are... extremely unfriendly and confusing | 18:38:12 |
