Y
Hacker News
new
|
ask
|
show
|
jobs
by
gorgoiler
107 days ago
Don’t you just hit ESC during boot and change the Linux command line to init=/bin/sh?
2 comments
izacus
107 days ago
TPM will not unseal the key if you change kernel parameters. It's one of the PCRs.
You'll be dropped into "enter disk crypt password please" prompt.
link
Gigachad
107 days ago
Looks like you can either password protect grub or have the kernel start command part of the list of things the TPM checks before unlocking the key.
link
You'll be dropped into "enter disk crypt password please" prompt.