extend PCR 4 in a recovery to prevent disk key decryption (issue #154)

2024-11-21 23:59:59 +00:00 · 2017-04-03 10:30:03 -04:00 · 2017-04-03 10:30:03 -04:00 · e41e21084a
commit e41e21084a
parent 174bb64957
1 changed files with 1 additions and 1 deletions
--- a/initrd/bin/qubes-init
+++ b/initrd/bin/qubes-init
@ -8,7 +8,7 @@
 recovery() {
 	echo >&2 "!!!!! $@"
 	rm -f /tmp/secret.key
-	tpm extend -ix 4 -if recovery
+	tpm extend -ix 4 -ic recovery

 	echo >&2 "!!!!! Starting recovery shell"
 	exec /bin/ash