[systemd-devel] dm-integrity volume with TPM key?
Sebastian Wiesner
sebastian at swsnr.de
Wed Sep 29 19:53:58 UTC 2021
Hello,
"Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make
/home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when
using systemd-homed for user home directories.
I'd like to try that but… how? I can use systemd-cryptenroll to make a
encrypted volume with a TPM key, but how do I make a dm-integrity
volume with a TPM key? I've gone through the manpage for
integritysetup and did a few unsuccessful google searches, but I've not
found any answer.
I'd appreciate some pointers into the right direction.
Cheers,
Basti
[1]:https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
More information about the systemd-devel
mailing list