From 25c66e163cd9e3a4313648b6f3524197e7220b50 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Wed, 21 Sep 2022 10:50:05 -0400 Subject: [PATCH] Some notes on TPM recovery --- misc/tpmnotes | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 misc/tpmnotes diff --git a/misc/tpmnotes b/misc/tpmnotes new file mode 100644 index 00000000..4e949f0e --- /dev/null +++ b/misc/tpmnotes @@ -0,0 +1,11 @@ +TPM 2 DA (Dictionary Attack) protection triggers on 'unclean' reboots. + +If it has been tripped already: +echo 5 > /sys/class/tpm/tpm0/ppi/request + +Then reboot to resume normal operation + +To configure DA: +tpm2_dictionarylockout --setup-parameters --max-tries=4294967295 --clear-lockout + +Further, TPMA_OBJECT_NODA attribute may be useful, see https://github.com/systemd/systemd/issues/20668
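Review bot: The `tpm2_dictionarylockout --setup-parameters --max-tries=4294967295 --clear-lockout` line under "To configure DA:" sets max-tries to the largest 32-bit value, which in practice switches dictionary attack lockout off for every DA-protected object on the TPM, and the notes do not say so. Please state that trade-off in the file (guessing the authorization value of PIN- or password-protected keys is no longer rate limited), and consider leading with the TPMA_OBJECT_NODA suggestion from the last line, since that exempts only the objects that need it. Separately, `echo 5 > /sys/class/tpm/tpm0/ppi/request` should say what it requests: PPI operation 5 is a TPM Clear on the next boot, which invalidates keys and sealed data under the storage hierarchy, so "resume normal operation" undersells the effect and readers should be told that anything sealed to the TPM must be re-provisioned afterwards.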