From: Patrick Ohly <patrick.ohly at intel.com>
To: tpm2@lists.01.org
Subject: Re: [tpm2] using TPM2 NVRAM for storing LUKS password
Date: Fri, 10 Nov 2017 10:07:52 +0100
Message-ID: <1510304872.22094.45.camel@intel.com>
In-Reply-To: 1510232036.22094.29.camel@intel.com

On Thu, 2017-11-09 at 13:53 +0100, Patrick Ohly wrote:
> Hello!
> 
> I am trying to port the refkit support for whole-disk encryption from
> TPM 1.2 to TPM 2.0. In refkit, an installer image sets up the internal
> disk with the root partition encrypted with LUKS. The initramfs then
> unlocks that partition before mounting it and transferring control to
> /bin/init. TPM NVRAM is used to store a per-machine LUKS password.
> 
> The automated tests use QEMU + swtpm. More precisely, I am using QEMU
> 2.10.0 with backported chardev patches plus a custom patch that makes
> it possible to have QEMU start swtpm. swtpm and libtpms are from the
> current tpm2-preview branches (5c70e401824e4f3f0900bddb50e7ea5fb7bbd84f
> resp. e0331c6d71b273ef7f71ce6fa17306f6773f543e).

I found that I was accidentally building with a different swtpm2 recipe
in a local workspace, which used an older revision. I also noticed that
the libtpms tpm2-preview branch doesn't actually have the latest
revision: tpm2-preview.rev146 is more recent.

To cut a long story short, with swtpm =
2dfd15d22b425c1ca92c9bc9f03c84634e6e344a and libtpms =
14cb73d6658a9baa41a5e2ff542168463b7becf0 it now works :-)

Stefan, I know you said that you still want to continue rebasing your
tpm2 branches because they aren't ready for use. Do you have an
estimate when the code might become released officially?

I'm also still curious about taking ownership of the TPM.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.


