mirror of https://github.com/xcat2/confluent.git, synced 2025-10-30 19:02:29 +00:00
For one, need to detect stale TPM values and clear them. For another, seal to PCR 15 and extend after unlock, so that the booted system is unable to retrieve the data from the TPM (e.g. a plain user by default is allowed to unseal data if there's no policy, so use a policy and extend the state away before boot).
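Added example, not confluent's own code: an in-memory Python model of the seal-to-PCR-15, unseal-early, then extend-before-boot flow the commit message describes. The PolicyPCR digest follows the TPM 2.0 construction (TPM_CC_PolicyPCR 0x17F, sha256 bank, zero starting policy); the secret, measurement and stale-blob values are constructed here, and a real deployment would drive a TPM with tpm2-tools or a TSS instead of this model.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

TPM_CC_POLICY_PCR = (0x0000017F).to_bytes(4, "big")  # TPM 2.0 command code for TPM2_PolicyPCR
TPM_ALG_SHA256 = (0x000B).to_bytes(2, "big")         # sha256 PCR bank
SEALING_PCR = 15                                      # the PCR the commit message seals to

def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend: PCR[n] = H(PCR[n] || digest). This is what tpm2_pcrextend does."""
    return sha256(pcr_value, digest)

def policy_pcr(pcr_value: bytes, pcr_index: int = SEALING_PCR) -> bytes:
    """PolicyPCR digest for one sha256 PCR from an all-zero starting policy:
    H(0^32 || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(selected PCR value))."""
    select = bytearray(3)
    select[pcr_index // 8] |= 1 << (pcr_index % 8)      # PCR 15 -> byte 1, bit 7 (0x80)
    selection = (1).to_bytes(4, "big") + TPM_ALG_SHA256 + bytes([3]) + bytes(select)
    return sha256(bytes(32), TPM_CC_POLICY_PCR, selection, sha256(pcr_value))

@dataclass
class SealedBlob:
    auth_policy: bytes  # policy the TPM must satisfy before releasing the secret
    secret: bytes       # a real TPM keeps this encrypted under a key that never leaves it

def seal(secret: bytes, pcr_value: bytes) -> SealedBlob:
    return SealedBlob(policy_pcr(pcr_value), secret)

def unseal(blob: SealedBlob, current_pcr: bytes) -> Optional[bytes]:
    """Model of TPM2_Unseal behind a PCR policy: None stands for TPM_RC_POLICY_FAIL."""
    if policy_pcr(current_pcr) != blob.auth_policy:
        return None
    return blob.secret

def boot_sequence() -> dict:
    pcr15 = bytes(32)                           # PCR 15 is all zeros after power-on
    blob = seal(b"luks-key-material", pcr15)    # sealed while PCR 15 is still pristine (constructed secret)
    key = unseal(blob, pcr15)                   # early boot unlocks the disk: policy matches
    # Extend PCR 15 before handing control to the booted OS; the policy cannot match again this boot,
    # so a plain user on the running system cannot unseal the blob even without any other policy.
    pcr15 = pcr_extend(pcr15, sha256(b"confluent-unlocked"))
    post_boot = unseal(blob, pcr15)
    # Stale-blob detection: a blob sealed under different PCR state fails against a pristine PCR 15
    # and should be cleared and re-created instead of being retried on every boot.
    stale_blob = SealedBlob(policy_pcr(sha256(b"old-state")), b"unreachable")
    stale = unseal(stale_blob, bytes(32)) is None
    return {"unlocked": key, "post_boot_unseal": post_boot, "stale_detected": stale}
```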