On Wed, Jun 19, 2024 at 12:33 PM Vitaly Zaitsev via devel < [email protected]> wrote:
> On 19/06/2024 19:45, Jonathan Steffan wrote: > > Unless the private key is off-system, anything will be able to be loaded > > without much fuss. > > Maybe akmods can be updated to use the private key stored in TPM 2.0 if > the system has one? This seems like the most workable path forward if each user needs to sign modules without the private key available in userspace. I'm still learning how to take advantage of this, but have found this talk very useful: https://fosdem.org/2024/schedule/event/fosdem-2024-3141-linux-kernel-tpm-security-and-trusted-key-updates/ -- Jonathan Steffan
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
