michael-chang

Use TPM2 Policynv to validate sealed key to prevent downgrade attack

a project by michael-chang

Project Description

Currently, key rotation via fdectl regenerate-key is used to revoke all released TPM2 sealed keys. However, the procedure can be somewhat risky because it results in changed key slots. Using TPM2 PolicyNV may provide a better approach in this regard, given that a counter or timestamp can be matched to validate TPM keys before they are used.

Updated 6 months ago. 2 hacker ♥️. 1 follower.

Looking for projects around:

Nothing at the moment

Activity

  • 6 months ago: michael-chang liked Yubikey support in GRUB2
  • 6 months ago: michael-chang started Use TPM2 Policynv to validate sealed key to prevent downgrade attack
  • 6 months ago: michael-chang liked Plan 9 filesystem support in GRUB
  • 6 months ago: michael-chang originated Use TPM2 Policynv to validate sealed key to prevent downgrade attack
  • about 4 years ago: michael-chang originated Install LTSP server in a Docker container
  • almost 6 years ago: michael-chang originated Self Encryption Drives support in openSUSE
  • almost 8 years ago: michael-chang liked OpenSUSE support for OpenStack Training
  • almost 8 years ago: michael-chang originated Build OpenStack traning labs
  • over 8 years ago: michael-chang liked fix printing in the Taipei office
  • over 9 years ago: michael-chang liked openSUSE on QEMU/AArch64 + UEFI
  • over 9 years ago: michael-chang joined Look at network test tools
  • over 9 years ago: michael-chang liked Look at network test tools
  • over 9 years ago: michael-chang disliked Look at network test tools
  • over 9 years ago: michael-chang liked ipv6 pxe booting on grub2
  • over 9 years ago: michael-chang started ipv6 pxe booting on grub2
  • over 9 years ago: michael-chang liked Look at network test tools
  • over 9 years ago: michael-chang disliked Look at network test tools
  • over 9 years ago: michael-chang liked Look at network test tools
  • over 9 years ago: michael-chang originated ipv6 pxe booting on grub2
  • over 10 years ago: michael-chang started Booting to btrfs snapshots with grub2
  • over 10 years ago: michael-chang originated Booting to btrfs snapshots with grub2