Can `luks-setup.sh` create a password for multiple partitions? #74
Comments
Do you need to set a corresponding key for each partition? If so, the current luks-setup.sh doesn't support it. But you can patch this script and pass the --key-slot argument to cryptsetup to specify a different slot to store a different key. Here are some references from the cryptsetup man page [1][2][3]:

--new-key-slot <0-N>

[1] https://man7.org/linux/man-pages/man8/cryptsetup-luksformat.8.html
Hi @yizhao1,

Yes, that is what I need it for. I can give it a shot :)

P.S. I was also wondering whether it is worth doing. Isn't it sufficient to use just one key for all the partitions? If so, then how can I re-use the key already in the TPM?

Thx for the information.
It is possible to use one key for all partitions, but it requires some tricks when using luks-setup.sh. When creating the first encrypted partition, you need to pass the -e parameter to luks-setup.sh to evict the existing key in the TPM and create a new key. When creating subsequent encrypted partitions without the -e parameter, these partitions will use the current key in the TPM.

//Yi
Thanks, this is working. I have one more question for you but it concerns another thread. Could you please answer there?
OK, no need to answer in that thread. Actually I have forgotten a lot, and thx to this blog I have recalled that PCR7 is responsible for Secure Boot State, so I turned it on in UEFI and it started to work...
I do not recall if the password stored in the TPM can be just one or many, and I was wondering if the use case in the subject is possible to achieve with the script, meaning I have 3 partitions which I would like to encrypt.