komachi / ansible-decent-desktop

Ansible playbook to provide decent desktop experience
GNU General Public License v3.0

Decrypt LUKS container using password + TPMv2.0 derived key #3

Open komachi opened 3 years ago

savchenko commented 3 years ago

I was trying to solve the very same problem, some notes: https://github.com/savchenko/debian/wiki/tpm2-@-libvirt,-Clevis

P.S. You might want to check the https://github.com/savchenko/debian as well. Feel free to fork.

komachi commented 3 years ago

I'm looking into systemd-cryptenroll; it looks promising and makes everything much simpler (run one command and everything else should work out of the box). Sadly, this requires a newer systemd that is available only in experimental for now.

komachi commented 3 years ago

This also involves migration from grub2 to systemd-boot. Also, systemd-cryptenroll provides a nice way to lock the kernel cmdline when used with systemd-boot.