Changes

Jump to: navigation, search

Linux: Full Disk Encryption

286 bytes added, 10:32, 1 July 2019
/* Automated Decryption */
$ cat test.txt | clevis decrypt tpm2
Hello World!
* Now it is time Bind master key generated by TPM to automatically decrypt the existing encrypted root file systemLUKS volume. For this there is a specific set of Platform Configuration Registers (PCR) called PCR7. # Try this command to show some Review information about the cryptographic setup of encrypted partition: $ cryptsetup luksDump /dev/sda3 $ clevis luks bind -d /dev/sda3 tpm2 '{"pcr_ids":"7"}' Enter existing LUKS password: ****** # Review information about the cryptographic setup again, check if the new key has been written to the LUKS volume:
$ cryptsetup luksDump /dev/sda3
425
edits