I'd like to use the TPM to secure my boot process for my Linux laptop. Any manual, howto or tutorial I have found about this topic mentions that I have to use the TrustedGrub bootloader to keep up the trust chain. TrustedGrub, however, is not in the repositories of any major distribution; it is based on Grub1, so the number of file systems it can boot from is quite limited; and worst of all, it cannot boot from UEFI, so I simply cannot use it.
What I want to do is seal a passkey for unlocking an encrypted drive in the TPM.
The question on my mind is: do I really absolutely have to use TrustedGrub to use the TPM, or can I use another boot loader like Grub2, Shim, Gummiboot or whatever else is there? Does it actually matter which bootloader I choose?
Neither TrustedGrub nor tboot works on UEFI systems, so any advice on a bootloader extending the chain of trust? – Peter – 2013-07-15T21:47:19.147
None that I know of - sorry. Maybe you should look into UEFI's secure boot stuff... – Scolytus – 2013-07-16T19:17:18.763
I would if I could, but sadly, no secure boot support on that system, just plain UEFI. – Peter – 2013-07-17T08:50:52.710
Well, if you don't need any special UEFI functions you could try to use legacy/BIOS mode. But I haven't tried it nor do I know how the chain of trust would be built in this setup. – Scolytus – 2013-07-19T05:53:46.243