hypeatei a day ago
Didn't Tailscale try to do something similar but found out quickly that TPMs 1) aren't as reliable as common wisdom makes them out to be, and 2) have gotchas when it comes to BIOS updates? I can't find it now, but I believe someone from Tailscale commented on HN (or was it GitHub?) on what they ran into and why the default was reverted so that things were not stored in the TPM. EDIT: just saw the mention in the article about the BIOS updates.
tiberious726 19 hours ago
If you run into the link to this, I'd love to read it. Proper, modern, pcrphase binding with a signing key should remove these firmware update issues irt the raw PCR value changing.