Update lock.go (#316)

Itxaka 2024-05-21 11:13:50 +00:00 committed by GitHub
parent 665d2476f1
commit 1d16082bb3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -89,7 +89,8 @@ func Luksify(label, version string, tpm bool) (string, error) {
// Files are generated by systemd automatically and are extracted from the UKI binary directly
// public pem cert -> .pcrpkey section fo the elf file
// signatures -> .pcrsig section of the elf file
args := []string{"--tpm2-public-key=/run/systemd/tpm2-pcr-public-key.pem", "--tpm2-signature=/run/systemd/tpm2-pcr-signature.json", "--tpm2-device=auto", part}
// leave --tpm2-pcrs= to an empty value so it doesnt bind to a single measure
args := []string{"--tpm2-public-key=/run/systemd/tpm2-pcr-public-key.pem", "--tpm2-public-key-pcrs=11", "--tpm2-pcrs=", "--tpm2-signature=/run/systemd/tpm2-pcr-signature.json", "--tpm2-device-key=/run/systemd/tpm2-srk-public-key.tpm2b_public", part}
cmd := exec.Command("systemd-cryptenroll", args...)
cmd.Env = append(cmd.Env, fmt.Sprintf("PASSWORD=%s", pass)) // cannot pass it via stdin
cmd.Stdout = os.Stdout
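Review bot: The new `args` line replaces `--tpm2-device=auto` with `--tpm2-device-key=/run/systemd/tpm2-srk-public-key.tpm2b_public`, but nothing visible in the hunk checks that this file exists before `systemd-cryptenroll` runs. The file is presumably only written by newer systemd at boot, so on a host without it enrollment would fail with an error that does not name the missing prerequisite. A guard before building `args` would make that explicit, e.g. `if _, err := os.Stat("/run/systemd/tpm2-srk-public-key.tpm2b_public"); err != nil { return "", fmt.Errorf("tpm2 SRK public key not available: %w", err) }`. The added comment should also state the security consequence of the empty `--tpm2-pcrs=`, for example `// empty --tpm2-pcrs= disables literal PCR binding; unlock is authorized only by the signed policy for PCR 11, so the PCR signing key is the trust anchor`. Luksify's body starts before and continues after this hunk, so an existing check elsewhere cannot be ruled out.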