10.03.2025 19:27, Adrian Vovk wrote:
Basically, the bug is: an attacker does a DOS on the TPM in such a way that
systemd boots to the rootfs without measuring the `leave-initrd` pcrphase,
pcrphase works only with UKI and OP started with mentioning separate
kernel and initrd which excludes UKI
> On 13 Mar 2025, at 11:03, Barry wrote:
>
> After=pipwire.service on modern systems I assume.
Sorry, After=pipewire.service
Thanks for the help. I tested it out (using sed to escape backslashes and
quotes) and it seems to work perfectly.
On Thursday, March 13th, 2025 at 10:26 AM, Andrei Borzenkov
wrote:
>
>
> On Thu, Mar 13, 2025 at 4:54 PM Daniel Hast hast.dan...@protonmail.com wrote:
>
> > Hello,
> >
> > I
Dear systemd developers,
I have a release-critical bug filed against the fluidsynth package in
Debian [1] that I don't quite understand. The bug is especially against
the fluidsynth.service file (attached to this mail).
To provide some background, fluidsynth is a MIDI daemon that can work
with d
On Thu, Mar 13, 2025 at 4:54 PM Daniel Hast wrote:
>
> Hello,
>
> I'm working on a shell script that makes use of run0, and I'm having trouble
> figuring out how to escape a file path in the --property option. I want to
> use --property="ProtectSystem=strict" and --property="ReadWritePaths=[...]
Hello,
I'm working on a shell script that makes use of run0, and I'm having trouble
figuring out how to escape a file path in the --property option. I want to use
--property="ProtectSystem=strict" and --property="ReadWritePaths=[...]" to
limit the transient service unit's write access to only t
Hi,
I'm looking for a completely filled out user_record.json for writing tests. At
[1] you can find an Examples section, but there are only shorter ones. I
couldn't find anything in the source code.
Does someone know if there exists one?
Best regards
Andreas
[1] https://systemd.io
> On 13 Mar 2025, at 08:56, Andrei Borzenkov wrote:
>
> What's wrong with adding After=pulseaudio.service (or whatever this
> user service is called)?
After=pipwire.service on modern systems I assume.
Barry
On 2025-03-13 10:10, Andrei Borzenkov wrote:
On Tue, Mar 11, 2025 at 12:17 AM aplanas wrote:
[1]
https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/
This attack is possible because root is bound to the boot time TPM
state that is not modified after the system is booted.
On Tue, Mar 11, 2025 at 12:17 AM aplanas wrote:
>
> On 2025-03-10 19:04, Adrian Vovk wrote:
>
> > Presuming a system like this:
> > - We've got a Linux desktop system
> > - We have two dm-verity protected /usr partitions
> > - We have one encrypted rootfs
> > - We're using systemd-repart to create
On Thu, Mar 13, 2025 at 11:42 AM Fabian Greffrath wrote:
>
> Dear systemd developers,
>
> I have a release-critical bug filed against the fluidsynth package in
> Debian [1] that I don't quite understand. The bug is especially against
> the fluidsynth.service file (attached to this mail).
>
> To pr
11 matches