Ubuntu setup for Clevis
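#!/usr/bin/env bash
# credit: https://askubuntu.com/a/1475182
# invoke with:
# curl -L https://gist.githubusercontent.com/heywoodlh/b55eb33e248db2b8a7625c1fddc6b8d3/raw/ce517a862ae4b4dd0c7a60912df22c5bcb10d736/setup-clevis.sh -o /tmp/setup-clevis.sh
# sudo bash /tmp/setup-clevis.sh /dev/sda3
#
# Purpose: install Clevis and bind an existing LUKS volume to the local TPM2
# so the volume can be unlocked automatically at boot, then rebuild the
# initramfs for every installed kernel.
#
# Arguments: $1 - the LUKS device to bind (e.g. /dev/sda3)
# Returns:   0 on success, 1 on usage/validation errors or a failed step
#
# The script runs as root: read the downloaded copy before running it, and
# prefer saving it in a directory only your user can write to rather than in
# world-writable /tmp.

set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# ${1:-} keeps the usage message reachable under `set -u` when no argument is given.
disk="${1:-}"
[[ -n "${disk}" ]] || die "Usage: $0 /dev/sda3"
[[ -e "${disk}" ]] || die "Disk ${disk} does not exist. Exiting."

# apt-get, clevis and update-initramfs all need root; fail early with a clear
# message instead of half-way through.
(( EUID == 0 )) || die "This script must be run as root (e.g. via sudo)."

#install needed packages
apt-get -y install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools tss2

# Refuse to prompt for a passphrase when the target is not a LUKS volume.
cryptsetup isLuks "${disk}" \
  || die "${disk} is not a LUKS device (or cryptsetup is unavailable). Exiting."

#proceed
printf '%s' 'Enter LUKS password:'
# IFS= and -r keep leading/trailing whitespace and backslashes in the
# passphrase intact; -s disables terminal echo.
IFS= read -r -s LUKSKEY
echo ""

# NOTE(review): the config below only selects the PCR bank; no "pcr_ids" are
# given, so (per the clevis tpm2 pin documentation) the sealed key is not
# tied to any PCR values, i.e. unlocking does not depend on the measured boot
# state. If unlock should require an unmodified boot chain, add "pcr_ids"
# (commonly "7" for the Secure Boot state) and confirm against
# clevis-encrypt-tpm2(1). Either way, keep the passphrase key slot as the
# recovery path.
#
# printf is a shell builtin, so the passphrase never appears in a process
# argument list; a pipe is used because bash may back a here-string with a
# temporary file.
printf '%s\n' "${LUKSKEY}" \
  | clevis luks bind -d "${disk}" tpm2 '{"pcr_bank":"sha256"}' \
  || die "clevis luks bind failed for ${disk}; initramfs left unchanged."
# Drop the passphrase from the shell's memory as soon as it is no longer needed.
unset LUKSKEY

update-initramfs -u -k all

#check
clevis luks list -d "${disk}"

#delete example; -s is one of the slots reported by the previous command
#clevis luks unbind -d /dev/nvme0n1p3 -s 1 tpm2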