First of all, thank you for providing mortar. In the following I describe how I would add to the feature to provide support for encryption of multiple hard disks.
Description
My idea was to be compatible with existing setups but to add possibilities to use multiple encrypted disks with different passwords. This could be achieved by not changing contents in an existing mortar.env and just adding additional mortar*.env files which will be installed into a separate script in local-top initramfs. Each script will then unlock one hard drive, similar to how one hard drive was decrypted earlier.
Type of change
[X] New feature (non-breaking change which adds functionality)
[X] This change requires a documentation update
3-tpm2clevis-prepluksandinstallhooks.sh
Add a loop to run the existing code for each mortar file. Code logic remains unchanged.
res/debian/tpm2clevis/install.sh
Add a loop to run the existing code for each mortar file and generate multiple mortar-* scripts in initramfs. Code logic remains unchanged.
4-register-additional-luks-device.sh
New file to register an encrypted disk and create a new mortar*.env file.
README.md
Add section Register additional luks devices
How Has This Been Tested?
Tested on Proxmox (Debian) with two additional hard disks /dev/sda1 and /dev/sdb1.
Test Configuration:
Linux ryzen 6.8.8-4-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.8-4 (2024-07-26T11:15Z) x86_64 GNU/Linux
Checklist:
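The per-file generation step described in this pull request, as an added sketch that is not part of the PR or of mortar's code: it loops over mortar*.env files and writes one local-top style script per file, skipping env files that are group- or world-writable or that carry unsafe values. The variable names CRYPTDEV and CRYPTNAME, the mortar-N output naming and the clevis call in the generated script are assumptions.

```shell
#!/bin/sh
# Added sketch, not mortar's code. CRYPTDEV/CRYPTNAME, the mortar-N naming and
# the clevis call in the generated script are assumptions for illustration.

# gen_unlock_scripts ENVDIR OUTDIR: write one OUTDIR/mortar-N script per
# ENVDIR/mortar*.env file and print how many scripts were generated.
gen_unlock_scripts() {
    envdir=$1; outdir=$2; count=0
    mkdir -p "$outdir" || return 1
    for envfile in "$envdir"/mortar*.env; do
        [ -f "$envfile" ] || continue   # glob matched nothing
        # The file is sourced as root at build time: skip it if group or
        # others can write to it.
        if [ -n "$(find "$envfile" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "skipping writable env file: $envfile" >&2
            continue
        fi
        # Subshell: one file's variables never leak into the next iteration.
        (
            unset CRYPTDEV CRYPTNAME
            . "$envfile"
            # Values are pasted into a boot script, so allow only plain
            # path/name characters and require both to be set.
            case "$CRYPTDEV$CRYPTNAME" in *[!A-Za-z0-9/_.=-]*) exit 1 ;; esac
            [ -n "$CRYPTDEV" ] && [ -n "$CRYPTNAME" ] || exit 1
            cat > "$outdir/mortar-$count" <<EOF
#!/bin/sh
PREREQ=""
case "\$1" in prereqs) echo "\$PREREQ"; exit 0 ;; esac
clevis luks unlock -d '$CRYPTDEV' -n '$CRYPTNAME'
EOF
            chmod 0755 "$outdir/mortar-$count"
        ) || { echo "rejected env file: $envfile" >&2; continue; }
        count=$((count + 1))
    done
    echo "$count"
}
```

Sourcing in a subshell matters once there is more than one env file: a key missing from a later file would otherwise silently inherit the previous device's value.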