Some notes on TPM recovery

2024-11-21 17:11:58 +00:00 · 2022-09-21 10:50:05 -04:00 · 2022-09-21 10:50:05 -04:00 · 25c66e163c
commit 25c66e163c
parent ba7832eb40
1 changed files with 11 additions and 0 deletions
--- a/misc/tpmnotes
+++ b/misc/tpmnotes
@ -0,0 +1,11 @@
+TPM 2 DA (Dictionary Attack) protection triggers on 'unclean' reboots.
+
+If it has been tripped already:
+echo 5 > /sys/class/tpm/tpm0/ppi/request
+
+Then reboot to resume normal operation
+
+To configure DA:
+tpm2_dictionarylockout --setup-parameters --max-tries=4294967295 --clear-lockout 
+
+Further, TPMA_OBJECT_NODA attribute may be useful, see https://github.com/systemd/systemd/issues/20668