Index | www.freedesktop.org
Unified Kernel Image (UKI): A Unified Kernel Image (UKI) is a combination of a UEFI boot stub program, a Linux kernel image, an initrd, and further resources in a single UEFI PE file. This file can either be directly invoked by the UEFI firmware (which is useful in particular in some cloud/Confidential Computing environments) or through a boot loader (which is generally useful to allow multiple kernel versions with interactive or automatic selection of the version to boot into).| uapi-group.org
TCG has released the TPM 2.0 Library specification that provides updates to the previously published TPM main specifications. The changes and enhancements compared to the existing TPM 1.2 include: Support …| Trusted Computing Group
A unified kernel image (UKI) is a single executable which can be booted directly from UEFI firmware, or automatically sourced by boot loaders with little or no configuration. It is the combination of a UEFI boot stub program like systemd-stub(7), a Linux kernel image, an initrd, and further resources in a single UEFI PE file.| wiki.archlinux.org
Discover Ubuntu’s latest security enhancement: TPM-backed Full Disk Encryption (FDE). This experimental feature in Ubuntu 23.10 offers improved data protection without the need for passphrases […]| Ubuntu
🔏 Linux TPM PCR Registry 🗒️: TPM PCRs are a scarce resource: there are only 24 of them in typical standards-compliant TPMs. According to the TCG PC Client Specific Platform Firmware Profile Specification, the OS can make use of PCRs 8…15. This document lists which component is using which PCR on a Linux platform in order to minimize conflicts. PCRs owned by the firmware, i.| uapi-group.org
The Trusted Platform Module is a security device that sits on a physical motherboard, runs in a CPU trust zone, or is provided by a hypervisor. By functioning below the OS and boot sequence, it provides a trust anchor to verify those systems even if they’ve been compromised. TPMs are required for any device qualified for Windows, underpinning technologies like Windows’ BitLocker, various features in ChromeOS, and Linux’s Integrity Measurement Architecture.| ericchiang.github.io
Nix flakes is an experimental feature of the Nix package manager. Flakes was introduced with Nix 2.4 on 2021-11-01 (see release notes).| nixos.wiki