Bug#846383: grub2: add TPM support
Vincent Bernat
bernat at debian.org
Sat Aug 21 15:05:11 BST 2021
❦ 30 November 2016 20:11 GMT, Urquiza, Fabio:
> We think that TPM support is a good addition to Debian because it can increase
> its adoption in environments where a more secure approach to the booting is
> needed, by being able to securely measure if any component has been
> tampered.
It seems that Grub in Debian has now TPM support as there is a tpm.mod
shipped with Grub. Manual here:
https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html
The documentation suggests the module should be builtin. If not, it is a
bit unknown what can happen. Maybe the tpm.mod itself can be tampered?
Would it be possible to have the module builtin for GRUB UEFI (where
the size does not matter)?
--
The difference between a Miracle and a Fact is exactly the difference
between a mermaid and a seal.
-- Mark Twain
More information about the Pkg-grub-devel
mailing list