-
@ Morten Linderud
2025-03-01 18:45:45
Imaginative threat scenario:
When it comes to #SecureBoot some people don't want to enroll Microsoft keys because they are afraid it opens up the possibility of booting malicious boot environments.
My LUKS password is TPM sealed with PCR7 and requires a PIN. Microsoft keys enrolled.
You are a threat actor trying to decrypt my disk. You have managed to successfully boot a malicious initramfs and presented me with a LUKS prompt.
What do you do once I hit enter?
#Security #TPM