Re: TPM2 Support in bootloader / kernel in order to retrieve GELI passphrase
Date: Sat, 29 Oct 2022 13:48:01 UTC
Since for the moment there does not seem to be that much traction for integrating it upstream, I have created a separate Git repository: https://github.com/sadaszewski/freebsd-patch-geli-password-from-tpm2 which can somewhat intelligently patch any FreeBSD source tree and allows building the TPM2-passphrase-aware bootloader and kernel. I hope this will facilitate use by people who actually want/need it.

I will also start putting some unit tests in there, in particular for the TPM code using swtpm + libtss2-tcti-swtpm - hopefully in the future all of it can be mostly test-covered. Soon, I will also throw in some scripts that automate the TPM2 setup.

Best regards,

-- S.