|
|
@ -4,8 +4,16 @@ The utility installs a Disk encryption key in the TPM and unencrypts the disk au |
|
|
The settings for trusted boot differ for the various Linux distros and releases. |
|
|
The settings for trusted boot differ for the various Linux distros and releases. |
|
|
This version is tested for Ubuntu 20.04 LTS. It requires TPM-Tools 4.x as the parameters completely changed from 3.x |
|
|
This version is tested for Ubuntu 20.04 LTS. It requires TPM-Tools 4.x as the parameters completely changed from 3.x |
|
|
|
|
|
|
|
|
|
|
|
## Prerequisities |
|
|
|
|
|
Tested system: Ubuntu 20.04 LTS with encrypted root partition. |
|
|
|
|
|
Required additional packages: |
|
|
|
|
|
- binutils (for objcopy, generating unified Kernel) |
|
|
|
|
|
- tpm2-tools |
|
|
|
|
|
- auditd (for logging syscalls of processes) |
|
|
|
|
|
- attr (for accessing security.ima file attribute) |
|
|
|
|
|
|
|
|
## Usage |
|
|
## Usage |
|
|
1. Install Ubuntu 20.04 with Full Disk Encryption. |
|
|
1. Install Ubuntu 20.04 with Full Disk Encryption with the additional packages. |
|
|
1. Execute install.sh |
|
|
1. Execute install.sh |
|
|
2. Reboot the machine, you will still be asked for your encryption passphrase |
|
|
2. Reboot the machine, you will still be asked for your encryption passphrase |
|
|
3. Update the TPM PCR policy with update-luks-tpm.sh |
|
|
3. Update the TPM PCR policy with update-luks-tpm.sh |
|
|
|
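Review bot: The new step 1 in the Usage section ("Install Ubuntu 20.04 with Full Disk Encryption with the additional packages.") folds package installation into the OS install without saying how or when the packages get installed. Make it a separate step after the OS install and give the command, for example `sudo apt install binutils tpm2-tools auditd attr`. That would also resolve the two consecutive items numbered "1.". The added heading "## Prerequisities" is misspelled and should read "## Prerequisites". In the package list, `auditd` and `attr` are described by what they do (syscall logging, the security.ima attribute), but nothing in the Usage steps refers to auditing or IMA, so state which script or step depends on them or mark them as optional. The context line requires "TPM-Tools 4.x" while the list names the package `tpm2-tools`; use one name and put the 4.x requirement next to the list entry so a reader on another release checks the version before running install.sh.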