#!/bin/bash
set -e

CRYPTFS=/dev/nvme0n1p3

echo "creating secret key"
tpm2_getrandom 32 -o /root/secret.bin
chmod 600 /root/secret.bin
cryptsetup luksAddKey $CRYPTFS /root/secret.bin

/usr/sbin/update-luks-tpm.sh