Nice! I've done similar R&D, looking forward to combining ideas 
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
E.g. make sure to measure LUKS metadata as part of Trusted Boot and to lock the TPM NVRAM index afterwards to avoid attack by booting same bootstrap and a different root partition (here mitigated by use of external HSM; might as well have external /boot too)
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Also UEFI Secure Boot has its uses (e.g. only way to stop malicious PXE boot) but is too weak to be used without Trusted Boot, which I see this design uses indeed but I'd defense-in-depth that too: I use both SRTM and DRTM with TrustedGRUB and Intel TBOOT, works great
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.