On 21.12.2023 15:47, aplanas wrote:
Hi,
Some months ago we announced the support of systemd-boot in MicroOS and in Tumbleweed, using a new tool named sdbootutil, that helps us to synchronize the boot loader entries with available snapshots in the system.
Today we announce that we are supporting the full disk encryption (FDE) tools that systemd brings us via systemd-cryptenroll or cryptsetup. We extended the pcr-oracle to support new PCRs and the generation of authorized policies in JSON format for systemd.
With this we also propose a new architecture in the distribution that allows the enrollment of the TPM2 (with full measured boot attestation) and the FIDO2 key, using the already available systemd user tools.
The MicroOS image[0] was also extended to show all these nice features working together.
I had to manually enter the LUKS password after "transactional-update dup" until I manually ran "sdbootutil update-predictions". Is it expected?