mirror of https://github.com/xcat2/confluent.git synced 2025-02-20 20:40:31 +00:00

5 Commits

Author SHA1 Message Date
Jarrod Johnson
e6dc383d25 Fix mistake in EL8/EL9 LUKS 2024-07-29 11:22:07 -04:00
Jarrod Johnson
329f2b4485 Amend cryptboot implementation for Ubuntu 22/24, EL8/EL9
Provide mechanism for administrator to place a custom
key for potential interactive recovery into
/var/lib/confluent/private/os/<profile>/pending/luks.key

If not provided, generate a unique one for each install.

Either way, persist the key in /etc/confluent/luks.key, to
facilitate later resealing if the user wants (neither clevis nor systemd
prior to 256 supports unlock via TPM2, so keyfile is required
for now).

Migrating to otherwise escrowed passphrases and/or sealing to
specific TPMs will be left to operators and/or third parties.
2024-07-29 10:17:14 -04:00
Jarrod Johnson
e1270b2926 Do not seal to PCR 7
At least without secureboot, PCR 7 is not defined.

This would potentially be worth a conditional to
check on secureboot.
2020-06-17 16:23:13 -04:00
Jarrod Johnson
0016c31fef Fix encrypted boot on 8.1
8.1 requires -f or it will fail.
2020-06-04 13:41:00 -04:00
Jarrod Johnson
82ab56ebb4 Add boot encryption support to EL8
The stock profile should now encrypt if requested
2020-06-02 16:05:44 -04:00