osresearch
commented
4 years ago Right now the /usr/sbin/safeboot and tpm-unseal scripts have hard-coded calls to the tpm2_* utilities, so it does not work with TPM1.2 devices.
The only verified devices so far are my X1 gen 5 and T490. I'll add a "Supported devices" page and encourage you to send a pull request if it works for you!
In particular is this works with TPM 2.0 this looks like a compelling alternative to Qubes' Anti Evil Maid, especially for newer laptops, since AEM doesn't work with UEFI nor with TPM 2.0-only devices (i.e. no TPM 1.2 compatibility mode).
This looks awesome, by the way! Thanks for putting it together :-)