On 7/19/22 12:13, Lennart Poettering wrote:
> On Di, 19.07.22 16:15, Gerd Hoffmann (kraxel(a)redhat.com) wrote:
>>> Moreover, this allows us to implement TPM policies that bind to
>>> signatures of PCR hashes, instead of the literal hash values. That
>>> makes the measurements a *million* times more useful, since we lose
>>> the brittleness on updates: if the expected PCR values can be
>>> pre-calculated by the vendor, and then be signed, then an update won't
>>> invalidate the policies anymore.
>>
>> Another case which requires creating initrds at build time.
>
> Yupp.
>
> Zbigniew and I are working on making pre-built initrds for general
> purpose distros a reality, i.e. finding a way between keeping things
> reasonably modular but also pre-generated, immutable, pre-measurable,
> and thus have a tight trust chain at boot. We'll do two talks about
> that at Linux Plumbers Conference later this year.
>
> Lennart
I wonder if Qubes OS could use any of this work. It seems that it
would be incredibly useful, at least if it supported systems using
the Xen hypervisor.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
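As an added illustration (not code from this thread or from systemd), the following Go simulation shows the distinction Lennart draws: a policy pinned to a literal PCR value breaks on every update, while a policy bound to the vendor's signing key accepts any pre-calculated PCR value the vendor has signed. It assumes a SHA-256 PCR bank, an Ed25519 vendor key and constructed component names, and it only approximates the real TPM mechanism (TPM2_PolicyAuthorize authorizes a signed policy digest rather than a raw PCR value).

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// pcrExtend models TPM2_PCR_Extend on a SHA-256 bank: new = H(old || H(component)).
func pcrExtend(pcr, component []byte) []byte {
	m := sha256.Sum256(component)
	h := sha256.New()
	h.Write(pcr)
	h.Write(m[:])
	return h.Sum(nil)
}

// PredictPCR computes the PCR value an ordered set of boot components will produce,
// starting from the all-zero reset value. A vendor can do this at build time.
func PredictPCR(components [][]byte) []byte {
	pcr := make([]byte, sha256.Size)
	for _, c := range components {
		pcr = pcrExtend(pcr, c)
	}
	return pcr
}

// LiteralPolicyOK models a policy pinned to one literal PCR value: any component change breaks it.
func LiteralPolicyOK(pinned, current []byte) bool {
	return bytes.Equal(pinned, current)
}

// SignedPolicyOK models a policy bound to the vendor's public key instead (PolicyAuthorize style):
// any PCR value carrying a valid vendor signature is accepted, so a signed update still unseals.
func SignedPolicyOK(vendorPub ed25519.PublicKey, signedPCR, sig, current []byte) bool {
	return ed25519.Verify(vendorPub, signedPCR, sig) && bytes.Equal(signedPCR, current)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // vendor key (constructed for the demo)
	v1 := [][]byte{[]byte("shim-15"), []byte("kernel-5.18"), []byte("initrd-build-100")}
	v2 := [][]byte{[]byte("shim-15"), []byte("kernel-5.19"), []byte("initrd-build-101")}
	pinned, updated := PredictPCR(v1), PredictPCR(v2)
	sig := ed25519.Sign(priv, updated) // vendor signs the pre-calculated value for v2
	fmt.Println("literal policy after update:", LiteralPolicyOK(pinned, updated)) // false
	fmt.Println("signed policy after update: ", SignedPolicyOK(pub, updated, sig, updated)) // true
}
```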