If the keyslot changes (e.g., from a reencrypt) leftover token will prevent `get_emboot_key_slot()` from finding it

squarooticus / efi-measured-boot

Measured Boot for TPM 2.0-enabled UEFI Debian Systems

MIT License

17 stars 2 forks source link

If the keyslot changes (e.g., from a reencrypt) leftover token will prevent `get_emboot_key_slot()` from finding it #5

Closed squarooticus closed 2 years ago

squarooticus commented 2 years ago

There's a related "bug" that mitigates this one, which is that under normal operation, all loaders are created first, which under normal circumstances will delete all associated tokens, so passphrase trials need to be performed anyway.