Re: Read-protected UEFI variables

From: MÃshe van der Sterre
Date: Wed Feb 14 2018 - 13:25:52 EST


On 02/14/2018 02:21 PM, Benjamin Drung wrote:
> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?
I assume it would be best to use TPM for this (if your systems have TPM chips), it is designed for use-cases like this. Searching for "tpm ssh keys" gives a decent amount of results. Mostly targeted at user keys instead of server keys, so this might need some tinkering to get working.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature