Hello,

Thanks for the answer.

Br,
Dani

On Tuesday, November 13, 2018 at 20:02:06 UTC+1, David Michael wrote:
> On Tue, Nov 13, 2018 at 10:16 AM Daniel McAllister <[email protected]> wrote:
> >
> > Hello All,
> >
> > I am developing something that I call "An encrypted overlay file system with tpm2.0" for coreos. The feature is basically a new dracut module which will mount a new file system on top of the normal file system as an overlay. This new file system is luks encrypted and the disk encryption key can be stored in the tpm2.0 chipset.
> > I have added a new cmdline argument which represents the following:
> > - What is the device name for the encrypted data (the 'writes' will go on this partition).
> > - The disk encryption key is sealed to what PCRs
> > - The nvram index where the disk encryption key is
> >
> > Missing features that are maybe helpful:
> > - Master recovery passphrase if the tpm2.0 fails to give the disk encryption key
> >
> > I would like to ask for some input and also what you think of this feature. Is it needed, and do you see a reasonable chance that this merge request will be accepted?
> > The code is not fully polished, but here are the two repositories:
> > https://github.com/rasztasd/coreos-overlay
> > https://github.com/rasztasd/bootengine
> >
> > I would like to merge it as soon as possible (if possible), so any input will be appreciated.
>
> Thanks for sharing this, but we are unlikely to merge new features at this time. Container Linux is in maintenance mode through at least 2019, when Fedora CoreOS ( https://coreos.fedoraproject.org/ ) will be the actively developed community distro.
>
> Since your work is a general dracut module, you could try to have it packaged in Fedora through their normal process and start the discussion of having it installed in Fedora CoreOS. You can join #fedora-coreos on freenode or subscribe to [email protected] if you'd like to get involved with development.
>
> Thanks.
>
> David
