mirror of
https://github.com/linuxboot/heads.git
synced 2025-02-20 17:22:53 +00:00
This adds support for seamless booting of Qubes with a TPM disk key, as well as signing of Qubes files in /boot with a Yubikey. The signed hashes also include a TPM counter, which is incremented when new hashes are signed. This prevents rollback attacks against the /boot filesystem. The TPMTOTP value is presented to the user at the time of entering the disk encryption keys. Hitting enter will generate a new code. The LUKS headers are included in the TPM sealing of the disk encryption keys.
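A small model of the rollback protection described in the commit message, added here as an example and not code from Heads. Assumptions: HMAC-SHA256 with a constructed key stands in for the Yubikey signature, a Python object stands in for the TPM counter, and the manifest layout, file contents and function names are hypothetical.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for the Yubikey-held key


class MonotonicCounter:
    """Stand-in for a TPM counter: readable and incrementable, never decreased."""

    def __init__(self):
        self._value = 0

    def read(self):
        return self._value

    def increment(self):
        self._value += 1
        return self._value


def hash_lines(files):
    # One "digest  name" line per file, in a stable order.
    return [f"{hashlib.sha256(d).hexdigest()}  {n}" for n, d in sorted(files.items())]


def sign_boot(files, counter):
    """Increment the counter, then sign the hashes together with its new value."""
    body = "\n".join(hash_lines(files) + [f"counter {counter.increment()}"]).encode()
    return body, hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()


def verify_boot(files, manifest, sig, counter):
    expected = hmac.new(SIGNING_KEY, manifest, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return "bad signature"
    *signed_hashes, counter_line = manifest.decode().split("\n")
    if signed_hashes != hash_lines(files):
        return "files modified"
    if int(counter_line.split()[1]) != counter.read():
        return "rollback"  # validly signed, but older than the counter's state
    return "ok"


def demo():
    tpm = MonotonicCounter()
    old = {"vmlinuz": b"kernel v1", "xen.gz": b"xen v1"}  # constructed contents
    new = {"vmlinuz": b"kernel v2", "xen.gz": b"xen v2"}
    old_m, old_s = sign_boot(old, tpm)
    fresh = verify_boot(old, old_m, old_s, tpm)
    new_m, new_s = sign_boot(new, tpm)
    return fresh, verify_boot(new, new_m, new_s, tpm), verify_boot(old, old_m, old_s, tpm)
```

The last check in `demo()` restores the old files together with their old, still validly signed manifest; it is rejected only because the counter value inside the signed data no longer matches the counter.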