Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/thesola10/dracut-swap-tpm2

TPM-backed swap encryption with hibernate support
https://github.com/thesola10/dracut-swap-tpm2

dracut dracut-module swap tpm2

Last synced: 7 days ago
JSON representation

TPM-backed swap encryption with hibernate support

Host: GitHub
URL: https://github.com/thesola10/dracut-swap-tpm2
Owner: Thesola10
Created: 2024-02-06T10:03:10.000Z (9 months ago)
Default Branch: master
Last Pushed: 2024-08-25T20:43:43.000Z (2 months ago)
Last Synced: 2024-10-10T19:13:16.150Z (28 days ago)
Topics: dracut, dracut-module, swap, tpm2
Language: Shell
Homepage:
Size: 16.6 KB
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # TPM-backed swap encryption with hibernate support

This is my dracut config to encrypt swap with a random key at shutdown, which is then unsealed from TPM to support hibernation.

## Install

On Arch Linux, install the [`dracut-swap-tpm2-git`](https://aur.archlinux.org/packages/dracut-swap-tpm2-git) package from AUR.

Otherwise, run `make install` after cloning this repository.

## Setup

This script creates a dracut module called `swap-tpm2`. Below is an example config file:

```sh

add_dracutmodules+=" swap-tpm2 crypt "

kernel_cmdline+=" rd.swap_tpm2_partition=/dev/sda3 rd.swap_tpm2_handle=0x81000000 rd.swap_tpm2_auth=pcr:sha256:0,2,4,7 "

```

You also need to enable `tpm2-rotate-swapkey.service` in order to enable regenerating the encrypted swap partition. This unit reads kernel command line options and may not work before a reboot.