[systemd-devel] systemd-pcrlock: what prevents unauthorized changes to the NV index?

Demi Marie Obenour demi at invisiblethingslab.com
Tue Dec 5 16:12:23 UTC 2023


What prevents unauthorized changes to the NV index used by
systemd-pcrlock?  Is the secret key itself stored in the NV index, with
the policy deciding who can read the key?  Or does the policy on the NV
index require that the policy established by systemd-pcrlock is itself
satisfied before the NV index can be changed?  In the latter case, does
this mean that the index can be "leaked" in certain error conditions?
-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab