MrChromebox / firmware

Issue tracker for firmware issues

TPM 2.0 with Cr50 #626

Open ChocolateLoverRaj opened 6 months ago

ChocolateLoverRaj commented 6 months ago

It would be really convenient having automatic LUKS unlocking with TPM on Chromebooks, but it doesn't work rn. Are there plans for it to be implemented?

MrChromebox commented 6 months ago

There's nothing I can do about the fact that the CR50 is not a full TPM 2.0 implementation. I'm not sure if it's sufficient for what you're asking.

tlaurion commented 3 days ago

@MrChromebox https://github.com/tpm2-software/tpm2-tools/issues/3434

Blocker for https://github.com/linuxboot/heads/pull/1658#issuecomment-2136000413 (TPM released Disk Unlock Key: sealing of secret in nvram fails)

MrChromebox commented 3 days ago

> @MrChromebox tpm2-software/tpm2-tools#3434
>
> Blocker for linuxboot/heads#1658 (comment) (TPM released Disk Unlock Key: sealing of secret in nvram fails)

@tlaurion CR50 is not a fully TPM 2.0 compliant implementation, as per my comment above. I don't think there's anything missing from the firmware init, other TPM 2.0 chips are fine

tlaurion commented 1 hour ago

> > @MrChromebox tpm2-software/tpm2-tools#3434
> >
> > Blocker for linuxboot/heads#1658 (comment) (TPM released Disk Unlock Key: sealing of secret in nvram fails)
>
> @tlaurion CR50 is not a fully TPM 2.0 compliant implementation, as per my comment above. I don't think there's anything missing from the firmware init, other TPM 2.0 chips are fine

https://github.com/tpm2-software/tpm2-tools/issues/3434#issuecomment-2487391586

Two secrets are sealed with the same policy; one succeeds (TPM totp with tpm2), where sealing the TPM disk unlock key in a separate nvram region fails.

Two logs provided at https://github.com/linuxboot/heads/pull/1658#issuecomment-2136075503