by Boulth6
1942 days ago
> To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.

You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.

> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?

Depends on what you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become unrecoverable.
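The sealing-to-PCR-values idea from the comment above, as an added software model that is not part of the original thread and not the commenter's code. It reproduces the two pieces of TPM 2.0 arithmetic that make sealing work: the one-way PCR extend (PCR_new = H(PCR_old || H(component))) and the TPM2_PolicyPCR digest (H(0 || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(selected PCRs))). The `ModelTpm` class, its HMAC-based wrapping, the PCR indices and the measured component names are assumptions made for the example; a real TPM protects the sealed blob with a storage key inside the chip and checks the policy itself. Booting a different kernel changes PCR 4, so the policy digest no longer matches and the unseal is refused.

```python
"""Model of TPM 2.0 PCR sealing: a secret is bound to the PCR values a particular
boot chain produces, so sideloading a different kernel cannot unseal it.
Software model for illustration only; it is not a TPM and holds no real keys."""
import hashlib
import hmac
import secrets

SHA256_ALG_ID = 0x000B           # TPM_ALG_SHA256
TPM_CC_POLICY_PCR = 0x0000017F   # command code mixed into the policy digest
PCR_SIZE = 32


def sha256(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR_new = H(PCR_old || H(measured object)). Extend is one-way: a later boot
    stage can append measurements but can never restore an earlier PCR value."""
    return sha256(pcr, sha256(measurement))


def simulate_boot(stages: dict) -> dict:
    """Run a measured boot: every PCR starts at zero and is extended by each
    component in order. `stages` maps PCR index -> list of measured components."""
    pcrs = {}
    for index, components in stages.items():
        value = bytes(PCR_SIZE)
        for component in components:
            value = pcr_extend(value, component)
        pcrs[index] = value
    return pcrs


def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION for one SHA-256 bank:
    count (UINT32) || hashAlg (UINT16) || sizeofSelect (UINT8) || 3-byte bitmap."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return (1).to_bytes(4, "big") + SHA256_ALG_ID.to_bytes(2, "big") + bytes([3]) + bytes(bitmap)


def policy_pcr(pcrs: dict, indices) -> bytes:
    """TPM2_PolicyPCR applied to a fresh (all-zero) policy session:
    policyDigest = H(0^32 || TPM_CC_PolicyPCR || pcrSelection || H(selected PCR values))."""
    indices = sorted(indices)
    pcr_digest = sha256(*(pcrs[i] for i in indices))
    return sha256(bytes(PCR_SIZE), TPM_CC_POLICY_PCR.to_bytes(4, "big"),
                  pcr_selection(indices), pcr_digest)


class ModelTpm:
    """Stand-in for the TPM storage hierarchy (assumption for this example). The seed
    never leaves the object, the way a storage root key never leaves the chip."""

    def __init__(self):
        self._seed = secrets.token_bytes(32)

    def _wrap_key(self, policy_digest: bytes) -> bytes:
        # Wrapping key depends on the policy, so a blob sealed to other PCRs is useless here.
        return hmac.new(self._seed, b"seal" + policy_digest, hashlib.sha256).digest()

    def seal(self, secret: bytes, policy_digest: bytes) -> dict:
        if len(secret) > 32:
            raise ValueError("model seals at most 32 bytes")
        key = self._wrap_key(policy_digest)
        ciphertext = bytes(a ^ b for a, b in zip(secret, key))
        tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
        return {"policy": policy_digest, "ciphertext": ciphertext, "tag": tag}

    def unseal(self, blob: dict, pcrs: dict, indices) -> bytes:
        # The TPM recomputes the policy from the PCRs as they are *now*; it must equal
        # the policy the blob was sealed to, or the unseal is refused.
        current = policy_pcr(pcrs, indices)
        if not hmac.compare_digest(current, blob["policy"]):
            raise PermissionError("policy check failed: PCR values do not match the sealing policy")
        key = self._wrap_key(current)
        if not hmac.compare_digest(hmac.new(key, blob["ciphertext"], hashlib.sha256).digest(), blob["tag"]):
            raise PermissionError("sealed blob integrity check failed")
        return bytes(a ^ b for a, b in zip(blob["ciphertext"], key))


def demo():
    """Seal a disk key to the trusted boot chain, then try to unseal after booting
    a different kernel. Constructed measurements; PCR roles are the usual PC Client
    ones (0 firmware, 4 boot manager/kernel, 7 Secure Boot state) but are assumptions."""
    indices = [0, 4, 7]
    trusted = {0: [b"firmware-v1"], 4: [b"shim", b"my-kernel-6.1"], 7: [b"SecureBoot=1", b"db-cert"]}
    sideloaded = {0: [b"firmware-v1"], 4: [b"shim", b"other-kernel"], 7: [b"SecureBoot=1", b"db-cert"]}
    disk_key = b"disk-encryption-key-0123456789ab"

    tpm = ModelTpm()
    good_pcrs = simulate_boot(trusted)
    blob = tpm.seal(disk_key, policy_pcr(good_pcrs, indices))
    recovered = tpm.unseal(blob, good_pcrs, indices)
    try:
        tpm.unseal(blob, simulate_boot(sideloaded), indices)
        refused = False
    except PermissionError:
        refused = True
    return recovered, refused


if __name__ == "__main__":
    key, refused = demo()
    print("unsealed on trusted boot:", key == b"disk-encryption-key-0123456789ab")
    print("refused on sideloaded kernel:", refused)
```

Only PCR 4 differs between the two boots, but because the policy digest covers the hash of all selected PCRs, any single changed measurement anywhere in the chain produces a different policy and the blob stays sealed. This is also why a kernel that has already been measured cannot help itself: it can extend PCRs further but cannot rewind them to the trusted values.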