Hello, "Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make /home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when using systemd-homed for user home directories. I'd like to try that but… how? I can use systemd-cryptenroll to make a encrypted volume with a TPM key, but how do I make a dm-integrity volume with a TPM key? I've gone through the manpage for integritysetup and did a few unsuccessful google searches, but I've not found any answer. I'd appreciate some pointers into the right direction. Cheers, Basti [1]:https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
dm-integrity volume with TPM key?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: dm-integrity volume with TPM key?
- From: Sebastian Wiesner <sebastian@xxxxxxxx>
- Date: Wed, 29 Sep 2021 21:53:58 +0200
- Follow-Ups:
- Re: dm-integrity volume with TPM key?
- From: Lennart Poettering
- Re: dm-integrity volume with TPM key?
- Prev by Date: Re: Authenticated Boot and Disk Encryption on Linux
- Next by Date: Re: dm-integrity volume with TPM key?
- Previous by thread: Re: Authenticated Boot and Disk Encryption on Linux
- Next by thread: Re: dm-integrity volume with TPM key?
- Index(es):
 |