TPM boot verification checks that the disk has not been swapped out for an imposter disk, that the disk cannot be booted on a different platform, and that it has not been modified without permission by a physical-access attack (something like a BadUSB attack).
I have three issues to solve to get the last check mark green for HSI attestation (Global Config → This Device → Security Report).
- Qubes 4.2 on System76 has an issue with right-clicking on the trackpad to move files between qubes, and with Ctrl-Shift-C/V for copying and pasting the script into boot_verify.sh.
- Platform Configuration Registers: I am wondering how to find the path/to/known_good_pcr_file as outlined in the kennethrrosen GitHub guide:
  > Replace /path/to/known_good_pcr_value with the path where you store the known good PCR value.
- How do I tell if the boot is 'headless'?
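On the known-good PCR file: the guide's `/path/to/known_good_pcr_value` is a placeholder, not a file that exists somewhere on the system. You create it yourself on a boot you trust by dumping the PCRs, then point the script at wherever you stored it. The script below is an added example of that record-and-compare step, written for this reply; it is not the kennethrrosen script and not boot_verify.sh. It assumes tpm2-tools is installed (`tpm2_pcrread`), that the sha256 bank is used, and that PCRs 0-7 (firmware, option ROMs, boot manager, Secure Boot state) are the ones being checked; the file format is whatever `tpm2_pcrread` prints, i.e. lines like `  0 : 0x<hex>`.

```shell
#!/bin/sh
# Added example (not from the guide or the original post): record a known-good
# set of PCR values on a trusted boot, then verify later boots against it.
# Assumes tpm2-tools (tpm2_pcrread); bank and PCR list are assumptions.

PCR_BANK="sha256"
PCR_LIST="0,1,2,3,4,5,6,7"

# Turn tpm2_pcrread output ("  0 : 0xABCD...") into "index hexvalue" lines,
# lower-cased so case differences in the dump cannot cause false mismatches.
normalize_pcrs() {
    sed -n 's/^ *\([0-9][0-9]*\) *: *0x\([0-9A-Fa-f]*\) *$/\1 \2/p' "$1" | tr 'A-F' 'a-f'
}

# Read the live PCRs from the TPM into file $1 (needs a TPM and tpm2-tools).
capture_pcrs() {
    tpm2_pcrread "${PCR_BANK}:${PCR_LIST}" > "$1"
}

# Compare the known-good dump ($1) with the current dump ($2).
# Prints one line per PCR. Returns 0 if every known PCR matches,
# 1 if any value differs, 2 if the known-good file is empty or a PCR is missing.
compare_pcrs() {
    known_n=$(mktemp) || return 2
    cur_n=$(mktemp) || { rm -f "$known_n"; return 2; }
    normalize_pcrs "$1" > "$known_n"
    normalize_pcrs "$2" > "$cur_n"
    if [ ! -s "$known_n" ]; then
        echo "no PCR values found in $1" >&2
        rm -f "$known_n" "$cur_n"
        return 2
    fi
    awk '
        NR == FNR { known[$1] = $2; next }   # first file: known-good values
        ($1 in known) { cur[$1] = $2 }       # second file: current values
        END {
            rc = 0
            for (i = 0; i < 24; i++) {       # iterate in PCR order
                if (!(i in known)) continue
                if (!(i in cur)) {
                    printf "PCR %d: missing from current reading\n", i; rc = 2
                } else if (cur[i] != known[i]) {
                    printf "PCR %d: expected %s got %s\n", i, known[i], cur[i]
                    if (rc < 1) rc = 1
                } else {
                    printf "PCR %d: ok\n", i
                }
            }
            exit rc
        }' "$known_n" "$cur_n"
    rc=$?
    rm -f "$known_n" "$cur_n"
    return "$rc"
}

# Usage: script.sh /path/to/known_good_pcr_value            (verify this boot)
#        script.sh /path/to/known_good_pcr_value --record   (store this boot as known-good)
main() {
    known_good="${1:?usage: $0 /path/to/known_good_pcr_value [--record]}"
    current=$(mktemp) || exit 2
    capture_pcrs "$current" || { echo "tpm2_pcrread failed" >&2; exit 2; }
    if [ "$2" = "--record" ]; then
        cp "$current" "$known_good" && echo "recorded known-good PCRs to $known_good"
        rc=$?
    else
        compare_pcrs "$known_good" "$current"
        rc=$?
    fi
    rm -f "$current"
    exit "$rc"
}

if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Run it once with `--record` on a boot you have reason to trust, keep the resulting file somewhere the attacker being defended against cannot silently rewrite, and use that path in place of `/path/to/known_good_pcr_value`. Any firmware update, bootloader update or Secure Boot key change will legitimately change PCR values, so expect to re-record after such changes rather than treating every mismatch as an attack.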