❦ 30 November 2016 20:11 GMT, Urquiza, Fabio: > We think that TPM support is a good addition to Debian because it can increase > its adoption in environments where a more secure approach to the booting is > needed, by being able to securely measure if any component has been > tampered.
It seems that Grub in Debian has now TPM support as there is a tpm.mod shipped with Grub. Manual here: https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html The documentation suggests the module should be builtin. If not, it is a bit unknown what can happen. Maybe the tpm.mod itself can be tampered? Would it be possible to have the module builtin for GRUB UEFI (where the size does not matter)? -- The difference between a Miracle and a Fact is exactly the difference between a mermaid and a seal. -- Mark Twain
