On Wed, Jun 19, 2024 at 12:33 PM Vitaly Zaitsev via devel < devel@lists.fedoraproject.org> wrote:
> On 19/06/2024 19:45, Jonathan Steffan wrote: > > Unless the private key is off-system, anything will be able to be loaded > > without much fuss. > > Maybe akmods can be updated to use the private key stored in TPM 2.0 if > the system has one? This seems like the most workable path forward if each user needs to sign modules without the private key available in userspace. I'm still learning how to take advantage of this, but have found this talk very useful: https://fosdem.org/2024/schedule/event/fosdem-2024-3141-linux-kernel-tpm-security-and-trusted-key-updates/ -- Jonathan Steffan
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
