[isar-cip-core][RFC v2 0/7] Encrypt Partition in initramfs
Quirin Gylstorff
From: Quirin Gylstorff <quirin.gylstorff@...>
This encrypts a partition with LUKS and uses the TPM2 to unlock the partition during boot.

Adapt start-qemu to support tpm2.

Changes v2:
- rewrite for multiple partitions
- add reencrypt for populated partitions
- encrypt /var and /home

Quirin Gylstorff (7):
  linux-cip: update kernel configuration for tpm2 support
  use bullseye backports for systemd-cryptenroll
  start-qemu: If swtpm is available create a tpm2 device
  Add initramfs hook to encrypt a partition
  overlay: add prerequisite 'encrypt_partition'
  KConfig: add tpm option
  .gitlabci: Add ci build

 .gitlab-ci.yml | 13 ++
 Kconfig | 8 ++
 conf/distro/debian-bullseye-backports.list | 1 +
 .../preferences.bullseye-backports.tpm.conf | 3 +
 kas/opt/tpm.yml | 20 +++
 .../files/encrypt_partition.env.tmpl | 2 +
 .../files/encrypt_partition.hook | 49 +++++++
 .../files/encrypt_partition.script | 135 ++++++++++++++++++
 .../initramfs-crypt-hook_0.1.bb | 37 +++++
 .../initramfs-overlay-hook/files/overlay.hook | 1 +
 .../files/overlay.script.tmpl | 12 +-
 recipes-kernel/linux/linux-cip-common.inc | 2 +-
 start-qemu.sh | 23 ++-
 wic/x86-efibootguard.wks.in | 4 +-
 14 files changed, 297 insertions(+), 13 deletions(-)
 create mode 100644 conf/distro/debian-bullseye-backports.list
 create mode 100644 conf/distro/preferences.bullseye-backports.tpm.conf
 create mode 100644 kas/opt/tpm.yml
 create mode 100644 recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.env.tmpl
 create mode 100644 recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.hook
 create mode 100644 recipes-initramfs/initramfs-crypt-hook/files/encrypt_partition.script
 create mode 100644 recipes-initramfs/initramfs-crypt-hook/initramfs-crypt-hook_0.1.bb

--
2.39.1