Adding upstream version 252.22.upstream/252.22 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 15:35:18 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-07 15:35:18 +0000
commit: b750101eb236130cf056c675997decbac904cc49 (patch)
tree: a5df1a06754bdd014cb975c051c83b01c9a97532 /man/tpm2-crypttab.sh
parent: Initial commit. (diff)
download: systemd-b750101eb236130cf056c675997decbac904cc49.tar.xz
systemd-b750101eb236130cf056c675997decbac904cc49.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/man/tpm2-crypttab.sh b/man/tpm2-crypttab.sh
new file mode 100644
index 0000000..d109eb4
--- /dev/null
+++ b/man/tpm2-crypttab.sh
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: MIT-0
+
+# Enroll the TPM2 security chip in the LUKS2 volume, and bind it to PCR 7
+# only. Replace /dev/sdXn by the partition to use (e.g. /dev/sda1).
+sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sdXn
+
+# Test: Let's run systemd-cryptsetup to test if this worked.
+sudo /usr/lib/systemd/systemd-cryptsetup attach mytest /dev/sdXn - tpm2-device=auto
+
+# If that worked, let's now add the same line persistently to /etc/crypttab,
+# for the future.
+sudo bash -c 'echo "mytest /dev/sdXn - tpm2-device=auto" >> /etc/crypttab'
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 15:35:18 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-07 15:35:18 +0000
commit	b750101eb236130cf056c675997decbac904cc49 (patch)
tree	a5df1a06754bdd014cb975c051c83b01c9a97532 /man/tpm2-crypttab.sh
parent	Initial commit. (diff)
download	systemd-b750101eb236130cf056c675997decbac904cc49.tar.xz systemd-b750101eb236130cf056c675997decbac904cc49.zip