[systemd-devel] troubleshooting Clevis
Lennart Poettering
lennart at poettering.net
Tue Oct 12 15:54:15 UTC 2021
On Di, 12.10.21 16:17, lejeczek (peljasz at yahoo.co.uk) wrote:
> > > I have 'clevis' set to get luks pin from 'tang' but unlock does not happen
> > > at/during boot time and I wonder if someone can share thoughts on how to
> > > investigate that?
> > > I cannot see anything obvious fail during boot, moreover, manual
> > > 'clevis-luks-unlock' works no problems.
> > This is the systemd mailing list, not the clevis/tang mailing
> > list. Please contact the clevis/tang community instead.
>
> May ask of any possible plans where systemd would, somehow similarly to
> 'tpm', utilize 'tang'(or similar) technique to unlock luks encrypted
> devices?
You mean that networked unlock feature? I mean, it's not always clear
what belongs and systemd and what does not. But outside of data
centers I am not sure tang/clevis really has much use, and that's
quite a limited userbase, so I'd say: no this should be done outside
of systemd. Maybe a plugin for libcryptsetup's "token" feature.
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list