mirror of
https://github.com/kairos-io/kcrypt-challenger.git
synced 2025-09-26 13:04:30 +00:00
62fb8f6cce
This allows the operator to re-use an existing passphrase but let the sealed volume be re-created automatically (so decryption can still happen, we don't loose the original passphrase). Also allows the operator to skip a PCR (e.g. 11) if they want to by simply removing it after the initial enrollement or by manuall creating the initial sealed volume but only with the PCRs they are interested in by setting those to empty strings. This is useful if a PCR is expected to change often, e.g. PCR 11 because of kernel upgrades. Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>