On Fr, 08.10.21 21:15, Sebastian Wiesner (sebast...@swsnr.de) wrote:
> Am Montag, dem 04.10.2021 um 14:49 +0200 schrieb Lennart Poettering:
> > On Do, 30.09.21 21:20, Sebastian Wiesner (sebast...@swsnr.de) wrote:
> >
> > > Hello,
> > >
> > > thanks for quick reply, I guess this explains the lack
Am Montag, dem 04.10.2021 um 14:49 +0200 schrieb Lennart Poettering:
> On Do, 30.09.21 21:20, Sebastian Wiesner (sebast...@swsnr.de) wrote:
>
> > Hello,
> >
> > thanks for quick reply, I guess this explains the lack of
> > instructions
>
> btw, coincidentally this was posted on github on the
On Do, 30.09.21 21:20, Sebastian Wiesner (sebast...@swsnr.de) wrote:
> Hello,
>
> thanks for quick reply, I guess this explains the lack of
> instructions
btw, coincidentally this was posted on github on the day you posted
this:
https://github.com/systemd/systemd/pull/20902
so hopefully we'll
Hello,
thanks for quick reply, I guess this explains the lack of instructions
^^
As a workaround you'd use a regular file key for dm-integrity and put
that on a TPM-protected partition, if I understand you correctly?
I.e. you'd
1. enable secureboot (custom keys or shim),
2. bundle kernel &
On Mi, 29.09.21 21:53, Sebastian Wiesner (sebast...@swsnr.de) wrote:
> Hello,
>
> "Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make
> /home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when
> using systemd-homed for user home directories.
>
> I'd like to try
Hello,
"Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make
/home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when
using systemd-homed for user home directories.
I'd like to try that but… how? I can use systemd-cryptenroll to make a
encrypted volume with a TPM