Tested with QEMU and works
On Thu, 21 Dec 2023 at 12:47, aplanas <aplanas@suse.de> wrote:
Hi,
Some months ago we announced the support of systemd-boot in MicroOS and in Tumbleweed, using a new tool named sdbootutil, that helps us to synchronize the boot loader entries with available snapshots in the system.
Today we announce that we are supporting the full disk encryption (FDE) tools that systemd brings us via systemd-cryptenroll or cryptsetup. We extended the pcr-oracle to support new PCRs and the generation of authorized policies in JSON format for systemd.
With this we also propose a new architecture in the distribution that allows the enrollment of the TPM2 (with full measured boot attestation) and the FIDO2 key, using the already available systemd user tools.
The MicroOS image[0] was also extended to show all these nice features working together.
The long (sorry, maybe too long) explanation is in the news-o-o blog post[1], and the technical details are in the openSUSE Systemd-fde wiki page[2].
Feedback is more than welcome!
... also happy holidays, end of the year and beginning of 2024!
[0] http://download.opensuse.org/tumbleweed/appliances/openSUSE-MicroOS.x86_64-k...
[1] https://news.opensuse.org/2023/12/20/systemd-fde/
[2] https://en.opensuse.org/Systemd-fde