On Tue, Sep 12, 2023 at 12:16:20PM +0800, Chan Ju Ping wrote:
On Thursday, 27 July 2023 15:54:45 +08 Gary Lin via openSUSE Factory wrote:
# fdectl tpm-authorize
We are still working on a solution to update the signature automatically after shim and grub2 update to reduce such hassles.
Admittedly, I have forgotten to run this enough times to ask what are the current methods that are being tested to automate running `fdectl tpm- authorize` after running zypper dup? I would love to give it a shot.
I have a POC fde-tools(*) to add the RPM macros and helper for shim and grub2 to update the signature with the post/posttrans scripts. So far, the helper script works as expected in my testing VM. Will update the status here once it's ready for openSUSE:Factory :) Gary Lin (*) https://github.com/lcp/fde-tools/commits/tpm-auto-update