Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pull] master from latchset:master #32

Merged
merged 2 commits into from
Feb 11, 2025
Merged

[pull] master from latchset:master #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0e3a8b6
dracut: fix running with pre-v103 Dracut
oldium Nov 9, 2024
5193674
Install clevis-pin-tpm2 in initrd when required (#509)
sarroutbi Feb 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 22 additions & 5 deletions src/luks/dracut/clevis-pin-tpm2/module-setup.sh.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,16 @@
#

check() {
require_binaries clevis-decrypt-tpm2 tpm2_createprimary tpm2_flushcontext \
tpm2_load tpm2_unseal tpm2_getcap || return 1
require_any_binary tpm2_pcrread tpm2_pcrlist || return 1
require_binaries clevis-decrypt-tpm2 || return 1

if command -v clevis-pin-tpm2 >/dev/null;
then
require_binaries clevis-pin-tpm2 || return 1
else
require_binaries tpm2_createprimary tpm2_flushcontext \
tpm2_load tpm2_unseal tpm2_getcap || return 1
require_any_binary tpm2_pcrread tpm2_pcrlist || return 1
fi
return 0
}

Expand All @@ -30,11 +37,21 @@ depends() {
return 0
}

install() {
inst_multiple clevis-decrypt-tpm2 tpm2_createprimary tpm2_flushcontext \
install_tpm2_tools() {
inst_multiple tpm2_createprimary tpm2_flushcontext \
tpm2_load tpm2_unseal tpm2_getcap
inst_multiple -o tpm2_pcrread tpm2_pcrlist
}

install() {
inst_multiple clevis-decrypt-tpm2
inst_libdir_file "libtss2-tcti-device.so*"
if command -v clevis-pin-tpm2 >/dev/null;
then
inst_multiple clevis-pin-tpm2
else
install_tpm2_tools
fi
}

installkernel() {
Expand Down
9 changes: 7 additions & 2 deletions src/luks/dracut/clevis/module-setup.sh.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,13 @@
depends() {
local __depends=crypt
if dracut_module_included "systemd"; then
__depends=$(printf '%s systemd-cryptsetup' "${__depends}")
# Dracut v103 introduced a separate systemd-cryptsetup module
systemd_cryptsetup_dir=$(dracut_module_path "systemd-cryptsetup")
if [ -d "$systemd_cryptsetup_dir" ]; then
__depends=$(printf '%s systemd-cryptsetup' "${__depends}")
else
__depends=$(printf '%s systemd' "${__depends}")
fi
fi
echo "${__depends}"
return 255
Expand All @@ -32,7 +38,6 @@ install() {
inst_multiple \
$systemdsystemunitdir/clevis-luks-askpass.service \
$systemdsystemunitdir/clevis-luks-askpass.path \
$systemdsystemunitdir/cryptsetup.target \
@SYSTEMD_REPLY_PASS@ \
@libexecdir@/clevis-luks-askpass

Expand Down
Loading