From: Quirin Gylstorff <quirin.gylstorff@...> This will remove the requirement to use bullseye backports. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- Changes v2: - fix w

From: Quirin Gylstorff <quirin.gylstorff@...> This will remove the requirement to use bullseye backports. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- .../preferences.bul

After creating 8 keys/Images the 9th time you want to add a key to a new the TPM will throw a error. Quirin

This was for debugging purposes as the TPM is no longer accessible after a number of keys entered. Quirin

From: Quirin Gylstorff <quirin.gylstorff@...> To avoid package name conflicts between cip-core and Debian upstream use the debian folder from upstream to build efibootguard. Signed-off-by: Qui

From: Quirin Gylstorff <quirin.gylstorff@...> Add ci builds for bookworm Change efibootguard build to use debian folder from salsa Changes v2: - rebase onto next - always build efibootguard Qu

From: Quirin Gylstorff <quirin.gylstorff@...> This will add prelimitary support for the debian 12 aka bookworm. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- .gitlab-ci.ym

From: Quirin Gylstorff <quirin.gylstorff@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- doc/README.tpm2.encryption.md | 55 +++++++++++++++++++++++++++++++++++ 1 file c

From: Quirin Gylstorff <quirin.gylstorff@...> If /var shall be encrypted encrypt_partition needs to be executed before the overlay script. If the prerequisite is not available the overlay scri

From: Quirin Gylstorff <quirin.gylstorff@...> This allows testing the partition encryption with qemu. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- start-qemu.sh | 27 ++++

From: Quirin Gylstorff <quirin.gylstorff@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- .gitlab-ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a

From: Quirin Gylstorff <quirin.gylstorff@...> This encrypts a partition with LUKS and uses the TPM2 to unlock the partition during boot. Adapt start-qemu to support tpm2. The implementation us

From: Quirin Gylstorff <quirin.gylstorff@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Kconfig b

From: Quirin Gylstorff <quirin.gylstorff@...> This creates a new luks encrypted ext4 partition with a the key stored in the tpm2. The initial key is randomly generated and removed from the LUK

From: Quirin Gylstorff <quirin.gylstorff@...> Systemd >= 251 is required for systemd-cryptenroll. This version is part of backports. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...

From: Quirin Gylstorff <quirin.gylstorff@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- doc/README.tpm2.encryption.md | 55 +++++++++++++++++++++++++++++++++++ 1 file c

From: Quirin Gylstorff <quirin.gylstorff@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- .gitlab-ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a

From: Quirin Gylstorff <quirin.gylstorff@...> This creates a new luks encrypted ext4 partition with a the key stored in the tpm2. The initial key is randomly generated and removed from the LUK

From: Quirin Gylstorff <quirin.gylstorff@...> This allows testing the partition encryption with qemu. Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- start-qemu.sh | 27 ++++

From: Quirin Gylstorff <quirin.gylstorff@...> Signed-off-by: Quirin Gylstorff <quirin.gylstorff@...> --- Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Kconfig b