mirror of
https://github.com/xcat2/confluent.git
synced 2024-12-03 18:14:43 +00:00
e1270b2926
At least without secureboot, PCR 7 is not defined. This would potentially be worth a conditional to check on secureboot.
5 lines
219 B
Bash
5 lines
219 B
Bash
#!/bin/sh
|
|
cryptdisk=$(blkid -t TYPE="crypto_LUKS"|sed -e s/:.*//)
|
|
clevis luks bind -f -d $cryptdisk -k - tpm2 '{}' < /etc/confluent/confluent.apikey
|
|
cryptsetup luksRemoveKey $cryptdisk < /etc/confluent/confluent.apikey
|