Re: [PATCH 5/5] util/grub-protect: Add new tool

2022-01-24 Thread Glenn Washburn
On Mon, 24 Jan 2022 06:12:18 -0800 Hernan Gatta wrote: > From: Hernan Gatta > > To utilize the key protectors framework, there must be a way to protect > full-disk encryption keys in the first place. The grub-protect tool includes > support for the TPM2 key protector but other protectors that r

Re: [PATCH 4/5] cryptodisk: Support key protectors

2022-01-24 Thread Glenn Washburn
On Mon, 24 Jan 2022 06:12:17 -0800 Hernan Gatta wrote: > From: Hernan Gatta > > Add a new parameter to cryptomount to support the key protectors framework: > -k. > This parameter is accepted whenever the cryptomount command is used to mount a > specific disk either via a disk specification (e.

Re: [PATCH 3/5] protectors: Add TPM2 Key Protector

2022-01-24 Thread Glenn Washburn
On Mon, 24 Jan 2022 06:12:16 -0800 Hernan Gatta wrote: > From: Hernan Gatta > > The TPM2 key protector is a module that enables the automatic retrieval of a > fully-encrypted disk's unlocking key from a TPM 2.0. > > The theory of operation is such that the module accepts various arguments, >

Re: [PATCH 1/5] protectors: Add key protectors framework

2022-01-24 Thread Glenn Washburn
On Mon, 24 Jan 2022 06:12:14 -0800 Hernan Gatta wrote: > From: Hernan Gatta > > A key protector encapsulates functionality to retrieve an unlocking key for a > fully-encrypted disk from a specific source. A key protector module registers > itself with the key protectors framework when it is loa

[PATCH] Revert "iee1275/datetime: Fix off-by-1 error."

2022-01-24 Thread Glenn Washburn
This is causing the test grub_cmd_date to fail because the returned date is one day more than it should be. This reverts commit 607d66116a67e5a13eb0d46076f26dedc988e6a4. Signed-off-by: Glenn Washburn --- Hi all, Reverting this commit allows the grub_cmd_date test to pass. It appears that this c

Re: [PATCH 0/5] Automatic TPM Disk Unlock

2022-01-24 Thread Didier Spaier
Hi, On 24/01/2022 at 15:12, Hernan Gatta wrote: > This patch series adds support for automatically unlocking fully-encrypted > disks > using a TPM 2.0. > > Currently, when GRUB encounters a fully-encrypted disk that it must access, > its > corresponding cryptodisk module (LUKS 1, LUKS2, or GE

[PATCH 3/5] protectors: Add TPM2 Key Protector

2022-01-24 Thread Hernan Gatta
From: Hernan Gatta The TPM2 key protector is a module that enables the automatic retrieval of a fully-encrypted disk's unlocking key from a TPM 2.0. The theory of operation is such that the module accepts various arguments, most of which are optional and therefore possess reasonable defaults. One of

[PATCH 1/5] protectors: Add key protectors framework

2022-01-24 Thread Hernan Gatta
From: Hernan Gatta A key protector encapsulates functionality to retrieve an unlocking key for a fully-encrypted disk from a specific source. A key protector module registers itself with the key protectors framework when it is loaded and unregisters when unloaded. Additionally, a key protector ma

[PATCH 5/5] util/grub-protect: Add new tool

2022-01-24 Thread Hernan Gatta
From: Hernan Gatta To utilize the key protectors framework, there must be a way to protect full-disk encryption keys in the first place. The grub-protect tool includes support for the TPM2 key protector but other protectors that require setup ahead of time can be supported in the future. For the

[PATCH 0/5] Automatic TPM Disk Unlock

2022-01-24 Thread Hernan Gatta
This patch series adds support for automatically unlocking fully-encrypted disks using a TPM 2.0. Currently, when GRUB encounters a fully-encrypted disk that it must access, its corresponding cryptodisk module (LUKS 1, LUKS2, or GELI) interactively prompts the user for a passphrase. An improvement

[PATCH 4/5] cryptodisk: Support key protectors

2022-01-24 Thread Hernan Gatta
From: Hernan Gatta Add a new parameter to cryptomount to support the key protectors framework: -k. This parameter is accepted whenever the cryptomount command is used to mount a specific disk either via a disk specification (e.g., (hd0,gpt1)) or by UUID, but not when disks are mounted in bulk (i.