Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add LUKS TPM autounlock support #265

Merged
merged 4 commits into from
Apr 29, 2024
Merged

feat: add LUKS TPM autounlock support #265

merged 4 commits into from
Apr 29, 2024

Conversation

bsherman
Copy link
Contributor

Adds a new RPM ublue-os-luks containing:

  • /usr/libexec/luks-disable-tpm2-autounlock
  • /usr/libexec/luks-enable-tpm2-autounlock

Adds ujust recipes to setup/remove LUKS autounlock using these scripts.

Adds depedency: ublue-os-just now requires ublue-os-luks

Downstreams will need to ensure install works correctly.

@bsherman
feat: add LUKS TPM autounlock support
618bd26 
Adds a new RPM ublue-os-luks containing:
- /usr/libexec/luks-disable-tpm2-autounlock
- /usr/libexec/luks-enable-tpm2-autounlock

Adds ujust recipes to setup/remove LUKS autounlock using these scripts.

Adds depedency: ublue-os-just now requires ublue-os-luks

Downstreams will need to ensure install works correctly.
@bsherman bsherman linked an issue Apr 29, 2024 that may be closed by this pull request
add luks tpm2 lock/unlock scripts with ujust recipes #264
Closed
@bsherman
Copy link
Contributor Author

For the record, I did test the scripts on both a main image with stock initramfs and a bluefin with customized initramfs. I also tested the RPM build and installing the RPMs on a system.

I visually verified that main should be fine installing the new RPM due to how we install other config RPMs here: https://github.com/ublue-os/main/blob/main/install.sh#L18-L19

@KyleGospo KyleGospo enabled auto-merge April 29, 2024 14:44
bketelsen
bketelsen approved these changes Apr 29, 2024
View reviewed changes
Copy link
Member

@bketelsen bketelsen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@KyleGospo KyleGospo added this pull request to the merge queue Apr 29, 2024
Merged via the queue into main with commit 64339fd Apr 29, 2024
4 checks passed
@KyleGospo KyleGospo deleted the tpm2-luks branch April 29, 2024 14:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bketelsen bketelsen bketelsen approved these changes

@KyleGospo KyleGospo KyleGospo approved these changes

@castrojo castrojo Awaiting requested review from castrojo

@noelmiller noelmiller Awaiting requested review from noelmiller

@EyeCantCU EyeCantCU Awaiting requested review from EyeCantCU

@p5 p5 Awaiting requested review from p5

@m2Giles m2Giles Awaiting requested review from m2Giles

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

add luks tpm2 lock/unlock scripts with ujust recipes
3 participants
@bsherman @bketelsen @KyleGospo