Does LUKS use TPM?

Does LUKS use TPM?

We can use TPM with LUKS in Linux, where the LUKS key can be written into TPM and then set-up a TrustedGRUB, which would unlock the sealed key. The /etc/crypttab in initrd should retrieve the key from TPM and boot the system securely, which is why we need to include tpm-tools into the initrd.

How do I use TPM with Luks?

1. Download the packages. trousers and tpm-tools provide the drivers and tools to work with a TPM under Linux.
2. Partition your new disk. For all the examples I will use /dev/sdb.
3. Create your encrypted volume.
4. Prep the TPM.
5. Own the TPM and store the key.
6. Add the key to LUKS.
7. Create a key script.
8. Format the volume.

How to set root key in linux LUKS TPM?

The -z parameter sets the Storage Root Key ( SRK) to its default value (all 0s). Choose a secure value for the owner password. You’ll need this one only during updates, so you could also store it in a password manager. Only be careful with using special characters such as \\.

Where to store Luks key in TPM NVRAM?

Storing your LUKS key in TPM NVRAM First read BUILD, to make sure you have all the runtime pre-reqs installed, including the upstream trousers and tpm-tools packages. A. Required steps B. If the LUKS volume is not your rootfs C.

When to run TPM-Luks at yum update time?

At yum update time: tpm-luks installs a yum post-transaction hook in /etc/yum/post-actions/tpm-luks.action. Whenever the kernel package is updated, the hook runs the tpm-luks-update script, which attempts to migrate your current TPM NVRAM secret to the new PCR values for the changed kernel+initramfs.

What is Trusted Platform Module ( TPM ) in Linux?

All this is achieved with the help of a little chip on the mainboard, the Trusted Platform Module ( TPM ). Being a Linux guy myself, I wanted to achieve with my favorite OS what Windows was already capable of.