noahbliss / mortar

Framework to join Linux's physical security bricks.
GNU General Public License v3.0

[Debian/Proxmox | TPM2] Add multiple LUKS devices. #42

Open FabianSchurig opened 1 month ago

FabianSchurig commented 1 month ago

Hello @noahbliss,

First of all, thank you for providing mortar. In the following, I describe how I would add the feature to provide support for encryption of multiple hard disks.

Description

My idea was to be compatible with existing setups but to add the possibility to use multiple encrypted disks with different passwords. This could be achieved by not changing the contents of an existing mortar.env and just adding additional mortar*.env files, each of which will be installed into a separate script in the local-top initramfs. Each script will then unlock one hard drive, similar to how one hard drive was decrypted earlier.

Type of change

3-tpm2clevis-prepluksandinstallhooks.sh

Add a loop to run the existing code for each mortar file. Code logic remains unchanged.

res/debian/tpm2clevis/install.sh

Add a loop to run the existing code for each mortar file and generate multiple mortar-* scripts in initramfs. Code logic remains unchanged.

4-register-additional-luks-device.sh

New file to register an encrypted disk and create a new mortar*.env file.

README.md

Add section Register additional luks devices

How Has This Been Tested?

Tested on Proxmox (Debian) with two additional hard disks /dev/sda1 and /dev/sdb1.

Test Configuration:

Checklist: