ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-01-02 19:26:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
367 Commits 27 Branches 6 Tags 21 MiB
ba98d5dda6
Commit Graph

5 Commits

Author SHA1 Message Date
Trammell Hudson
9d4b7a5b73
print and update the timestamp on the TOTP while waiting for disk unlock code 2017-04-12 08:28:31 -04:00
Trammell Hudson
353a0efe6f
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) 
This adds support for seamless booting of Qubes with a TPM disk key,
as well as signing of qubes files in /boot with a Yubikey.

The signed hashes also includes a TPM counter, which is incremented
when new hashes are signed.  This prevents rollback attacks against
the /boot filesystem.

The TPMTOTP value is presented to the user at the time of entering
the disk encryption keys.  Hitting enter will generate a new code.

The LUKS headers are included in the TPM sealing of the disk
encryption keys.
 2017-04-12 06:57:58 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00
Trammell Hudson
da2a6580ce
allow key file to be specified on command line 2016-11-23 10:45:39 -05:00
Trammell Hudson
e9e6d661d3
wrappers to seal/unseal drive encryption keys from the TPM 2016-10-28 04:59:51 -04:00