Description
Physical device trust can be checked with time-based one-time passwords bound to TPM state. The tool helps owners verify that boot measurements still match expected values before entering secrets on a machine. Setup can involve initramfs hooks, boot display paths, and TPM material, so keep recovery credentials available before changing measured-boot policy.