Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kioubit/mkinitcpio-attestation
TPM2.0 Attestation hook for mkinitcpio
https://github.com/kioubit/mkinitcpio-attestation
Last synced: about 1 month ago
JSON representation
TPM2.0 Attestation hook for mkinitcpio
- Host: GitHub
- URL: https://github.com/kioubit/mkinitcpio-attestation
- Owner: Kioubit
- Created: 2024-07-08T11:41:30.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-07-10T16:30:54.000Z (6 months ago)
- Last Synced: 2024-07-11T14:25:47.842Z (6 months ago)
- Language: Shell
- Size: 5.86 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Initcpio TPM attestation hook
Verify system integrity after start (before decrypting the system partition).
Intended to be used with the associated [android app](https://github.com/Kioubit/tpmTool).
## Setup
1) Clone this repository
2) Build and install this package using ``makepkg -si``
3) Enable this initcpio hook in ``/etc/mkinitcpio.conf`` and regenerate the initrd using ``mkinitcpio``
4) Run ``./enroll.sh``
5) Add the displayed public key to the [android app](https://github.com/Kioubit/tpmTool)
## Enabling the hook
The following is an example of how to enable the hook in ``/etc/mkinitcpio.conf``. It must be added after the keyboard and keymap hooks (they need to be added if they are not already enabled).
```diff
- HOOKS=(base udev autodetect microcode modconf kms keyboard keymap block filesystems fsck)
+ HOOKS=(base udev autodetect microcode modconf kms keyboard keymap block attest filesystems fsck)
```