can't sign multiple OSes with LUKS (0x45 from TPM_IncrementCounter) #1531

Open
toothlesslizard opened this issue Nov 18, 2023 · 1 comment

toothlesslizard commented Nov 18, 2023

Qubes 4.2.0-rc4 LUKS (/dev/nvme*)
Ubuntu 23.10 LUKS (/dev/sda*)
third disk drive - /dev/mmcblk0 - empty

FW_VER - CBET4000 Heads-v0.2.0-1914-g1f39d16-dirty
X230-maximized-eDP
gpg smart card : Nitrokey start

Here are the steps I do:

  1. OEM Factory Reset / Re-Ownership
  2. Qubes signed /boot normally and works
  3. Go to -> Change configurations settings -> Change boot device -> /dev/sda2
  4. Default boot -> Yes -> Failed to update checksums / sign, and the TPM wants to reset itself.
  5. Reset and go to step 1. Loop.

The same thing happens in reverse order. Ubuntu signs first, then Qubes won't.

In previous firmware I remember that it worked fine, but with Qubes + Void

Collaborator

tlaurion commented Nov 26, 2023

@toothlesslizard were Qubes and Ubuntu sharing the same /boot partition? The TPM counter is unique per TPM, and stored under /boot for validation per Heads.

If both OSes were sharing /boot then that might be why there was no issue in the past?
