Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-35965

clevis: make clevis-pin-tpm2 required

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.0.beta
    • clevis
    • None
    • None
    • rhel-sst-security-special-projects
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • None
    • Unspecified Release Note Type - Unknown
    • None

      For RHEL 10, Make clevis-pin-tpm2 required by clevis, so it gets used as default pin.

      Rationale: clevis-pin-tpm2 is a newer/rewritten tpm2 pin that supports tpm2 authorized policies (although for this it needs a signing tool that is not part of Fedora/RHEL yet).

      The change consists in adding a Requires: clevis-pin-tpm2 to the clevis spec file, making it required. Being available, clevis will use it as the tpm2 pin.

      AC: make sure clevis includes clevis-pin-tpm2 as a dependency.

              sarroutb@redhat.com Sergio Arroutbi
              scorreia@redhat.com Sergio Correia
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: