Better explained guide #9
@rLoka I think a better guide would be great - the issue is that the process of full disk encryption and unlock involves many components and there is no one-size-fits-all solution. It will vary considerably based on your hardware, distribution, and threat model. The full process is outside of the scope of this tool. However, I think it would be a good idea to collect examples in wiki pages here, to give users an idea of where to start. For instance, I do not have experience setting up FDE in Ubuntu, but I could post a write-up of the process I use in Arch.
Some areas that need an improvement I can think of are:
We see 0x81000001 risen out of nowhere, the first question would be why 0x81000001? Maybe there should be some way to list those persistent handles before we proceed? Earlier there was a command
Moving on to the next point which can be an obstacle: sha256 is used by default now, but what if
Oh, and BTW: please adopt Arch's changes of
Cheers!
I would argue that such basic info should not be in the guide, but rather on the tpm2.0 library specification or somewhere else. Maybe a link to the specification is sufficient, or a soon to be Arch wiki page? :) There is always Clevis that does it all for you. Just remember dracut instead for mkinitcpio. (Or create a hook that does it with mkinitcpio).
I didn't have any issues following the guide, but I was struggling to understand what to do next. Luckily a bit of googling got me to the
Hey there! First of all, thanks for all the work you have put into this!
So, this is not really an issue, but could you explain (maybe in a form of a wiki or additional MD) how would I use this on a typical case where automated fde unlock setup is required?
The thing is, I am searching for a method to autounlock fde using tpm2 on ubuntu 16.04/18.04 and I have already tried clevis but it did not work properly for me and I am sort of novice in this area. Thanks for understanding and any help is much appreciated!