Skip to content

Commit

Permalink
Update 3-tpm2clevis-prepluksandinstallhooks.sh
Browse files Browse the repository at this point in the history 
-k can't be at the end of the command apparently. Also fixed the message saying a password is needed.
  • Loading branch information
@noahbliss
noahbliss authored Jan 11, 2021
1 parent c6f039f commit fd2f065
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions 3-tpm2clevis-prepluksandinstallhooks.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,10 @@ if [ "$LUKSVER" == "2" ]; then
fi


echo "Wiping any old luks key in the keyslot. (You'll need to enter a password.)"
echo "Wiping any old luks key in the keyslot."
cryptsetup luksKillSlot --key-file tmpramfs/user.key "$CRYPTDEV" "$SLOT"
echo "Generating clevis key, adding it to the luks slot, and mapping it to the TPM PCRs."
clevis-luks-bind -d "$CRYPTDEV" -s "$SLOT" tpm2 '{"pcr_bank":"'"$TPMHASHTYPE"'","pcr_ids":"'"$BINDPCR"'"}' -k tmpramfs/user.key
clevis-luks-bind -d "$CRYPTDEV" -k tmpramfs/user.key -s "$SLOT" tpm2 '{"pcr_bank":"'"$TPMHASHTYPE"'","pcr_ids":"'"$BINDPCR"'"}'
echo "Wiping keys and unmounting tmpramfs."
rm tmpramfs/user.key
umount -l tmpramfs
Expand Down

0 comments on commit fd2f065

Please sign in to comment.