Hi folks
When I change the linux.preset and use mkinitcpio -P as described in the wiki, do I already have measured boot on?
By measured boot I mean having the boot process measured through various PCRs even before the UKI is loaded, to make sure it is not tampered with. It is a work in progress I guess, but you might see some details here.
If not, how can I achieve that? I didn't find a way in the wiki and I don't know if it is something new and thus not in the wiki because of that.
There is the systemd-cryptenroll in the wiki binding it to PCR 0+7, but as far as I understand it, it just prevents the auto-unlock of the encryption if Secure Boot was changed (on/off) or if the UEFI changed somehow, such as upgrades. This is in the wiki here.
I am experimenting with many ways to install Arch, and having fun with encryption, LVM on LUKS, discoverable partition specification, secure boot and so on. I want to learn more.
PS: Not really related, but is there a way to use LVM and still use discoverable partitions specification to auto mount partitions? I guess not because I didn't find a way to change the logical volumes' type to emulate partition types... (I am a newbie though).