squarooticus
commented
2 years ago Similarly, seal a loader to counter+1 and put it in place prior to actually incrementing the counter.
Open squarooticus opened 2 years ago
squarooticus
commented
2 years ago Similarly, seal a loader to counter+1 and put it in place prior to actually incrementing the counter.
squarooticus
commented
2 years ago Keep in mind that +1 doesn't actually work because for a TPM "increment" really means "highest value of any counter + 1", and could be arbitrarily higher.
Use a two-phase commit to update the token for a particular loader without crippling the automated boot after some common classes of errors by: preserving the old token while creating a new token from the new loader written to a different filename; moving the new loader over the original loader, ensuring both are bootable regardless of which "wins"; and then deleting the old token once the new loader is definitely in place.