You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Break-glass recovery == change the dTPM or the entire device (but not local storage) of an enrolled device.
This requires decrypting enrolled assets as encrypted to an escrow agent's key, then re-encryption to the new EKpub. Decryption of enrolled assets with the escrow key might require off-line interactions, or executing complex EA policies, but sbin/attest-enroll should at least support use of trivial escrow agents.
The text was updated successfully, but these errors were encountered:
Break-glass recovery == change the dTPM or the entire device (but not local storage) of an enrolled device.
This requires decrypting enrolled assets as encrypted to an escrow agent's key, then re-encryption to the new
EKpub. Decryption of enrolled assets with the escrow key might require off-line interactions, or executing complex EA policies, butsbin/attest-enrollshould at least support use of trivial escrow agents.The text was updated successfully, but these errors were encountered: