Forked from itsuki-hayashi/ubuntu-systemd-cryptenroll-tpm.sh
Created March 1, 2024 12:07
Systemd TPM Auto LUKS Unlock for Ubuntu 22.04
# See also: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969375
# See: https://github.com/wmcelderry/systemd_with_tpm2
# Install dependencies for systemd TPM
sudo apt install libtss2-rc0
# Check if Ubuntu recognizes your TPM chip
systemd-cryptenroll --tpm2-device=list
# Check current LUKS info
sudo cryptsetup luksDump /dev/nvme0n1p3
# Enroll the TPM as an unlocker
# (--tpm2-pcrs=7 binds the key to PCR 7, the Secure Boot state)
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/nvme0n1p3
# Check current LUKS info after TPM enrollment
sudo cryptsetup luksDump /dev/nvme0n1p3
# Run https://github.com/wmcelderry/systemd_with_tpm2/blob/main/install.sh
# Edit /etc/crypttab so the entry looks something like:
# nvme0n1p3_crypt UUID=ff098ab6-2a46-11ee-be56-0242ac120002 none luks,discard,tpm2-device=auto
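
An added example, not part of the original gist: a shell check that the /etc/crypttab edit from the last step is in place, listing each volume and whether its options carry `tpm2-device=`. The function names and the second sample entry (`data_crypt`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a crypttab file for TPM2 unlock configuration.
# crypttab fields: <name> <device> <keyfile> <options>

# Print "<name> tpm2" or "<name> no-tpm2" for every entry in the file.
crypttab_tpm2_status() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            status = "no-tpm2"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^tpm2-device=.+/) status = "tpm2"
            print $1, status
        }
    ' "$1"
}

# Return 0 only if the named volume exists and has a tpm2-device= option.
# Usage: crypttab_has_tpm2 /etc/crypttab nvme0n1p3_crypt
crypttab_has_tpm2() {
    crypttab_tpm2_status "$1" | grep -qxF "$2 tpm2"
}

# Constructed sample input. The first entry is the line from the gist;
# the second is a made-up volume that was never switched to TPM unlock.
sample_crypttab() {
    cat <<'EOF'
# <name> <device> <keyfile> <options>
nvme0n1p3_crypt UUID=ff098ab6-2a46-11ee-be56-0242ac120002 none luks,discard,tpm2-device=auto

data_crypt UUID=00000000-0000-0000-0000-000000000000 none luks,discard
EOF
}
```

A volume reported as `no-tpm2` will still prompt for its passphrase at boot even if a TPM keyslot was enrolled with systemd-cryptenroll.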