similar to: Schema Update to store TPM data in AD DS

On Fri, 2018-09-07 at 18:14 +0200, Johannes Engel via samba wrote: > Hi all, > > has anyone here experience with storing BitLocker and TPM data in AD DS on > Samba? > I have stumbled across this Microsoft page ( > https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-8.1-and-8/jj635854%28v%3dws.11%29) > stating that Windows 2008 R2 needs a schema extension

Any deviation from the expected boot process will prevent BitLocker from accessing the volume key in the TPM. One reason this behavior exists is to prevent malicious code from being loaded (such as via booting first to CD / USB / PXE, loading malware, and then continuing to boot to Windows). So what's happening here is the deviation from firmware -> PXE -> HDD is detected and the volume

That's a great question, actually, I should have remembered to mention that! You can control what factors are used for the TPM's integrity check to release the bitlocker key on boot. Depending on whether your on a BIOS or EFI machine, there are slight differences, but definitely controllable by group policy. http://technet.microsoft.com/en-us/library/ee706521(v=ws.10).aspx#BKMK_depopt3 I

I'm wondering if anyone can make any suggestions? Rowland? Andrew? Even if it's just to suggest a framework for troubleshooting on my own? I really appreciate any time you can spare. Matthew On 2020.11.02, 5:59 PM, "samba on behalf of Matthew Delfino Samba List via samba" <samba-bounces at lists.samba.org on behalf of samba at lists.samba.org> wrote: Hello! I

Label is OS and I believe there are all booting MBR. Is there a way to clear the memory then continue loading ? or rebooting the machine from the menu. I have tried that reboot.c32 and cannot get it to reboot the machine. Matt -----Original Message----- From: Gene Cumm [mailto:gene.cumm at gmail.com] Sent: Monday, April 28, 2014 1:04 PM To: Taylor Jr, Matthew [U.S. Computer Corp] Cc:

On Fri, Feb 22, 2019 at 12:26:10PM +0200, Jarkko Sakkinen wrote: > On Thu, Feb 21, 2019 at 06:14:02PM -0800, David Tolnay wrote: > > Add a config TCG_VIRTIO_VTPM which enables a driver providing the guest > > kernel side of TPM over virtio. > > > > Use case: TPM support is needed for performing trusted work from within > > a virtual machine launched by Chrome OS.

On Fri, Feb 22, 2019 at 09:31:56PM +0200, Jarkko Sakkinen wrote: > On Fri, Feb 22, 2019 at 10:23:02AM -0500, Michael S. Tsirkin wrote: > > On Fri, Feb 22, 2019 at 12:26:10PM +0200, Jarkko Sakkinen wrote: > > > On Thu, Feb 21, 2019 at 06:14:02PM -0800, David Tolnay wrote: > > > > Add a config TCG_VIRTIO_VTPM which enables a driver providing the guest > > >

On Fri, Feb 22, 2019 at 09:33:05PM +0200, Jarkko Sakkinen wrote: > On Fri, Feb 22, 2019 at 09:31:56PM +0200, Jarkko Sakkinen wrote: > > On Fri, Feb 22, 2019 at 10:23:02AM -0500, Michael S. Tsirkin wrote: > > > On Fri, Feb 22, 2019 at 12:26:10PM +0200, Jarkko Sakkinen wrote: > > > > On Thu, Feb 21, 2019 at 06:14:02PM -0800, David Tolnay wrote: > > > > >

On Fri, Feb 22, 2019 at 11:59:23PM +0200, Jarkko Sakkinen wrote: > On Fri, Feb 22, 2019 at 02:31:37PM -0700, Jason Gunthorpe wrote: > > On Fri, Feb 22, 2019 at 04:16:01PM -0500, Michael S. Tsirkin wrote: > > > On Fri, Feb 22, 2019 at 07:30:16AM -0800, James Bottomley wrote: > > > > On Thu, 2019-02-21 at 18:14 -0800, David Tolnay wrote: > > > > > Add a

On Fri, Feb 22, 2019 at 07:30:16AM -0800, James Bottomley wrote: > On Thu, 2019-02-21 at 18:14 -0800, David Tolnay wrote: > > Add a config TCG_VIRTIO_VTPM which enables a driver providing the > > guest kernel side of TPM over virtio. > > What's the use case for using this over the current non-virtio vTPM?. > I always thought virtio was about guest to host transport

On Sat, Feb 23, 2019 at 12:36:34AM +0200, Jarkko Sakkinen wrote: > I do not require spec quality documentation. Just a few paragraphs of > what is in crosvm, kernel etc. and something about inner workings to > get a rough idea. No need for TCG level spec for this :-) OTOH for virtio if there's no implementation in a popular hypervisor/language, we do ask for a somewhat detailed spec.

On 20/11/2020 02:13, Matthew Delfino Samba List wrote: > Thank you, Andrew! > > This evening I attempted the upgrade. I first carefully commented out each of the attributes from the Schema-Updates.md file. I then saved the file and ran the following command, which gave me the subsequent output: > > (as root) > > # samba-tool domain schemaupgrade > Temporarily

Hello: I need to update the samba schema when I run the command: samba-tool domain schemaupgrade I have this error: Temporarily overriding 'dsdb:schema update allowed' setting Patched Sch49.ldf using /usr/local/samba/share/setup/adprep/WindowsServerDocs/Sch49.ldf.diff Patched Sch50.ldf using /usr/local/samba/share/setup/adprep/WindowsServerDocs/Sch50.ldf.diff Patched Sch51.ldf using

On 08/29/2018 07:38 AM, Dag Nygren wrote: > On onsdag 29 augusti 2018 kl. 10:00:39 EEST Sandro Bonazzola wrote: >> 2018-08-28 13:52 GMT+02:00 Dag Nygren <dag at newtech.fi>: >> >>> We have a desperate need for TPM support and: >>> >>> 1. Tried the "standard" distro install. linvirt supports >>> TPM passthrough but kvm-qemu

On onsdag 29 augusti 2018 kl. 15:37:47 EEST Alvin Starr wrote: > On 08/29/2018 07:38 AM, Dag Nygren wrote: > > > On onsdag 29 augusti 2018 kl. 10:00:39 EEST Sandro Bonazzola wrote: > >> 2018-08-28 13:52 GMT+02:00 Dag Nygren <dag at newtech.fi>: > >> > >>> We have a desperate need for TPM support and: > >>> > >>> 1. Tried the

Hi, I am currently running a Debian lenny on top of a Ubuntu 9.04 dom0. (Xen version is 3.4) Now I want to test some tpm functions in the domU, but I am having troubles reaching the TPM. To do so, I am following the tutorial here : https://www.grounation.org/index.php?post/2008/07/04/8-how-to-use-a-tpm-with-linux I have already used this tutorial on a non-virtualised machine, and even on my

I am trying to get TPM 2.0 pass through to work with Xen and libvirt, but I can't get it to work. According to the following sites both Xen and libirt have TPM 2.0 support. https://wiki.xen.org/wiki/Virtual_Trusted_Platform_Module_(vTPM) https://libvirt.org/formatdomain.html#elementsTpm However, when I add a TPM device to a VM (by virt-manager), the VM guest XML does contain the TPM

has anyone implemented any sort of 'secure boot' using TPM 1.2 modules on the server boards using CentOS 6.x ? I'm not finding much concrete stuff on how to setup and manage a system like this, but I've been asked to research it for a security application internally at my job. our primary application for the TPM is for client authentication certificates in an SSL application

Hi, i am using Xen 3.2.0 and want to use the TPM in dom0. I have activated vtpm and everything runs fine in my domUs. The question is, how can I access the TPM in dom0? As far as I know vtpm_managerd exclusively locks /dev/tpm0. As soon as I start vtpm_managerd my own program cannot access the TPM anymore. Is there a vtpm instance for dom0 like the ones for the user domains? Thanks in advance

Hi, I would like to clarify how to make snapshots of running VMs with emulated TPM devices. As far as I understand QEMU documentation, it's possible to make snapshots of running VMs with TPM, but it's important to retain the state of swtpm. Does libvirt assist with that in any way or is it completely user's responsibility? libvirt pauses the VM internally when making a snapshot,