TrustedGRUB2
tpm2-tools
TrustedGRUB2 | tpm2-tools | |
---|---|---|
4 | 1 | |
191 | 666 | |
0.0% | 0.9% | |
1.8 | 8.2 | |
over 2 years ago | 5 days ago | |
C | C | |
GNU General Public License v3.0 only | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
TrustedGRUB2
-
Encryption in archinstall?
Last time I checked, yes. There's been a few projects like TrustedGRUB2 *(which luks-tpm-boot uses) that was intended to make this work on GRUB. But in all fairness, GRUB is pretty dead to me personally as it's a lot of workarounds depending on what hardware you're working with. The only reason really we support GRUB is because it works on older hardware and on more edge cases (like USB drives etc). But if I could choose, I'd make it so everyone used EFI and we could use systemd-boot everywhere ^
-
Trusted boot option missing from tumbleweed install?
AFAIK trusted boot is in limbo, the upstream project is no longer maintained and it was never very clear exactly how it should be exposed to users anyway. So yeah it has been removed from TW.
-
Question regarding secure boot and trusted boot and TPM activation for passphrase
Trusted Boot in yast2 switches the bootloader to TrustedGrub2 instead of normal Grub2. It does work on both legacy bios and EFI. This adds several verification steps to the boot process but be aware the support is somewhat piecemeal. I am not an expert on the details.
-
Linux-native TPM-backed Bitlocker
What do you think about https://github.com/Rohde-Schwarz/TrustedGRUB2
tpm2-tools
-
AWS SIGv4 and SIGv4A – How AWS Signs and Verifies API Requests
If you are looking for some references besides my linked code, this comment[0] on the tpm2-tools repo will probably be useful. FWIW, I've moved my workflow over to having long lived aws keys protected by my TPM and then I generate session credentials from that for normal aws cli usage.
[0]: https://github.com/tpm2-software/tpm2-tools/issues/1597
What are some alternatives?
clevis - Automated Encryption Framework
swtpm - Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
mortar - Framework to join Linux's physical security bricks.
tpm2-tss - OSS implementation of the TCG TPM2 Software Stack (TSS2)
safeboot - Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
aws-vault - A vault for securely storing and accessing AWS credentials in development environments
linux-secureboot-kit - Tool for complete hardening of Linux boot chain with UEFI Secure Boot
OpenVPN - OpenVPN is an open source VPN daemon
tpm2.0-tools - The source repository for the Trusted Platform Module (TPM2.0) tools [Moved to: https://github.com/tpm2-software/tpm2-tools]
idevicerestore - Restore/upgrade firmware of iOS devices
linux-luks-tpm-boot - A guide for setting up LUKS boot with a key from TPM in Linux