mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-26 03:19:48 +00:00
Do not seal to PCR 7
At least without secureboot, PCR 7 is not defined. This would potentially be worth a conditional to check on secureboot.
This commit is contained in:
parent
d4736e0aad
commit
e1270b2926
@ -1,4 +1,4 @@
|
||||
#!/bin/sh
|
||||
cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//)
|
||||
clevis luks bind -f -d $cryptdisk -k - tpm2 '{"pcr_bank": "sha256", "pcr_ids": "7"}' < /etc/confluent/confluent.apikey
|
||||
clevis luks bind -f -d $cryptdisk -k - tpm2 '{}' < /etc/confluent/confluent.apikey
|
||||
cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey
|
||||
|
Loading…
Reference in New Issue
Block a user