13 lines
594 B
Text
13 lines
594 B
Text
# TPM PCRs (platform control registers) to reference while sealing host keys
|
|
# See ArchWiki for a list of registers:
|
|
# https://wiki.archlinux.org/title/Trusted_Platform_Module#Accessing_PCR_registers
|
|
# Example: `sha256:0,4`
|
|
# Required, must be consistent across reboots.
|
|
#tpm_pcrs=
|
|
|
|
# Path to PCR dump to use while creating TPM policy
|
|
# The next boot's registers must match for the keys to be unsealed
|
|
# You can dump the current ones with the following command:
|
|
# root@fedora:~# tpm2_pcrread -o pcr.bin "$tpm_pcrs"
|
|
# Not required, will default to reading current register values.
|
|
#tpm_pcr_bin=
|