Last active
June 15, 2025 03:30
-
-
Save heywoodlh/b55eb33e248db2b8a7625c1fddc6b8d3 to your computer and use it in GitHub Desktop.
Ubuntu setup for Clevis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # credit: https://askubuntu.com/a/1475182 | |
| # invoke with: | |
| # curl -L https://gist.githubusercontent.com/heywoodlh/b55eb33e248db2b8a7625c1fddc6b8d3/raw/ce517a862ae4b4dd0c7a60912df22c5bcb10d736/setup-clevis.sh -o /tmp/setup-clevis.sh | |
| # sudo bash /tmp/setup-clevis.sh /dev/sda3 | |
| disk="$1" | |
| [[ ! -n "${disk}" ]] && echo "Usage: $0 /dev/sda3" && exit 1 | |
| [[ -n "${disk}" ]] && [[ ! -e "${disk}" ]] && echo "Disk ${disk} does not exist. Exiting." && exit 1 | |
| #install needed packages | |
| apt-get -y install clevis clevis-tpm2 clevis-luks clevis-initramfs initramfs-tools tss2 | |
| #proceed | |
| echo -n Enter LUKS password: | |
| read -s LUKSKEY | |
| echo "" | |
| clevis luks bind -d ${disk} tpm2 '{"pcr_bank":"sha256"}' <<< "$LUKSKEY" | |
| update-initramfs -u -k all | |
| #check | |
| clevis luks list -d ${disk} | |
| #delete example; -s is one of the slots reported by the previous command | |
| #clevis luks unbind -d /dev/nvme0n1p3 -s 1 tpm2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nice! This works fine with Ubuntu Server 24.04