On Tue, Dec 22, 2020, 12:59 AM Gordon Messmer <gordon.mess...@gmail.com> wrote:
>
> https://blog.dowhile0.org/2017/10/18/automatic-luks-volumes-unlocking-using-a-tpm2-chip/
>
> The use of clevis to bind a LUKS volume to a TPM2 device isn't very well
> documented, but a few articles and blogs provide working examples for a
> single LUKS volume:
>
> "clevis luks bind -d /dev/sda3 tpm2 '{"pcr_ids":"7"}'"
>
> Does anyone know if it's possible to bind two volumes and unlock them
> both at boot, using the TPM2 device?

Lennart was working on this a while ago in systemd. I'm not sure how far along it is. Could git clone it and then:

git log --grep=TPM2

I'm not sure how to do case insensitive with git's grep. I know he was also working on security key support for sd-homed and possibly sd-cryptsetup.

Anyway, this is something Workstation WG has been looking at in particular for encrypting system root. That way a user-entered passphrase isn't needed to boot. And the user login passphrase unlocks just that user's home.

--
Chris Murphy