xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 17:43:14 +00:00
Code Issues Projects Releases Wiki Activity
3.0
confluent/confluent_osdeploy/el8/profiles/default/scripts/tpm_luks.sh
Jarrod Johnson e1270b2926 Do not seal to PCR 7 
At least without secureboot, PCR 7 is not defined.

This would potentially be worth a conditional to
check on secureboot.
2020-06-17 16:23:13 -04:00

5 lines
219 B
Bash
Raw Permalink Blame History

#!/bin/sh
cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//)
clevis luks bind -f -d $cryptdisk -k - tpm2 '{}' < /etc/confluent/confluent.apikey
cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey
Reference in New Issue View Git Blame Copy Permalink