A patch for the FreeBSD source tree which enables fetching of GELI password from TPM2 and booting a trusted root filesystem

sadaszewski/freebsd-patch-geli-password-from-tpm2

freebsd-patch-geli-password-from-tpm2

IMPORTANT NOTICE

The patch now uses a new approach based on standard TPM2 provisioning and decryption rather than storing the passphrase in an NV index. Additionally, the GELI keys are now stored rather than the passphrase, which eliminates the key computation phase and makes things faster. The old code can be accessed in the "deprecated_using_nvindex" branch.

After installing the patched kernel and loader, you can set up the scheme using script/setup_gkut2.py. Make sure that the correct PCR registers are used to secure the decryption key.

GKUT2 stands for GELI Key Using TPM2.
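
Why the PCR selection matters, as an added example that is not part of this repository or of script/setup_gkut2.py: it replays TPM2 PCR extend operations and computes the TPM2_PolicyPCR digest for the SHA-256 bank, showing that a key is withheld after a component changes only if that component's PCR is in the policy. The boot measurements and their PCR indices are constructed, and a single-assertion PCR policy is an assumption; the page does not say which PCRs or policy the patch uses.

```python
# Added illustration: TPM2 PCR extend and PolicyPCR digest arithmetic (SHA-256 bank).
# Measurement strings and PCR indices are constructed; they are not taken from the patch.
import hashlib
import struct

TPM_CC_POLICY_PCR = 0x0000017F   # TPM 2.0 command code for TPM2_PolicyPCR
TPM_ALG_SHA256 = 0x000B


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def replay(events):
    """Replay (pcr_index, measured_bytes) events into a fresh 24-PCR bank."""
    bank = {i: bytes(32) for i in range(24)}
    for index, blob in events:
        # Extend: PCR_new = H(PCR_old || H(measured data))
        bank[index] = sha256(bank[index] + sha256(blob))
    return bank


def policy_pcr_digest(bank, selected):
    """Policy digest of a session that holds a single PolicyPCR assertion."""
    bitmap = bytearray(3)                      # 24 PCRs, one bit each
    for i in selected:
        bitmap[i // 8] |= 1 << (i % 8)
    # TPML_PCR_SELECTION: count, then (hash alg, sizeofSelect, bitmap)
    selection = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)
    pcr_digest = sha256(b"".join(bank[i] for i in sorted(selected)))
    # policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || digestTPM)
    return sha256(bytes(32) + struct.pack(">I", TPM_CC_POLICY_PCR) + selection + pcr_digest)


def would_unseal(sealed_policy, bank, selected):
    """The TPM releases the object only if the session digest equals its authPolicy."""
    return policy_pcr_digest(bank, selected) == sealed_policy


# Constructed boot measurements: (PCR index, measured bytes)
GOOD_BOOT = [(0, b"firmware v1"), (4, b"loader.efi build A"), (7, b"secure boot: on")]
TAMPERED = [(0, b"firmware v1"), (4, b"loader.efi build B"), (7, b"secure boot: on")]

if __name__ == "__main__":
    good, bad = replay(GOOD_BOOT), replay(TAMPERED)
    for sel in ((0, 7), (0, 4, 7)):
        policy = policy_pcr_digest(good, sel)
        print(sel, "good boot:", would_unseal(policy, good, sel),
              "tampered loader:", would_unseal(policy, bad, sel))
```

In this constructed run, the policy over PCRs 0 and 7 still matches after the loader measurement changes, while the policy that also covers PCR 4 does not.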
