Page MenuHomeVyOS Platform

TPM-backed config encryption
In progress, WishlistPublicFEATURE REQUEST


Looking into viability of adding support for TPM-backed encryption of /config data

Various factors to consider:

  • Which PCRs to require to ensure hardware/software integrity (End user configurable?)
  • Handling failed config decryption on boot (Fallback config?)


Difficulty level
Hard (possibly days)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Event Timeline

sdev triaged this task as Wishlist priority.
sdev changed Difficulty level from Unknown (require assessment) to Hard (possibly days).
sdev changed Version from - to 1.4.
syncer changed the task status from Open to In progress.Jan 6 2023, 10:04 PM