heads/initrd/etc
Kyle Rankin d937426306
Use the Librem Key as a TPM work-alike in the absence of a TPM
On machines without a TPM, we'd still like some way for the BIOS to
attest that it has not been modified. With a Librem Key, we can have the
BIOS use its own ROM measurement converted to a SHA256sum and truncated
so it fits within an HOTP secret. Like with a TPM, a malicious BIOS with
access to the correct measurements can send pre-known good measurements
to the Librem Key.

This approach provides one big drawback in that we have to truncate the
SHA256sum to 20 characters so that it fits within the limitations of
HOTP secrets. This means the possibility of collisions is much higher,
but again, an attacker could also capture and spoof an existing ROM's
measurements if they have prior access to it, either with this approach
or with a TPM.

Signed-off-by: Kyle Rankin <kyle.rankin@puri.sm>
2023-06-14 09:58:34 -04:00
Name           Last commit message                                                                                       Date
distro/keys    Qubes weekly signing key has changed. Removed testing and replaced.                                       2023-05-24 12:13:07 -04:00
ash_functions  Fix 'Tracing...' text output still stating functions instead of ash_functions where they are called from  2023-04-03 14:31:21 -04:00
fstab          fstab, init: Remove securityfs mount                                                                      2023-03-13 14:11:02 -04:00
functions      Use the Librem Key as a TPM work-alike in the absence of a TPM                                            2023-06-14 09:58:34 -04:00
group          Build the Heads/NERF firmware for the Dell R630 server.                                                   2017-09-20 10:29:14 -04:00
gui_functions  Add dual support for real bash and busybox's bash(ash)                                                    2023-03-08 12:45:44 -05:00
hosts          localhost should be defined                                                                               2018-02-09 12:05:49 -05:00
luks-functions Add dual support for real bash and busybox's bash(ash)                                                    2023-03-08 12:45:44 -05:00
motd           restore /etc/motd                                                                                         2018-03-08 01:14:41 -05:00
mtab           add /etc/fstab and /etc/mtab to initrd image                                                              2017-04-10 12:59:24 -04:00
passwd         recovery, passwd: Use /bin/sh for interactive shells                                                      2023-03-08 12:45:51 -05:00
shells         Build the Heads/NERF firmware for the Dell R630 server.                                                   2017-09-20 10:29:14 -04:00