third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-04-13 09:37:13 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Install dracut. Add What? README sexion. Describe initrd installation in README

Browse Source
This commit is contained in:
наб 2020-12-03 20:13:28 +01:00
parent 21b928bcf3
commit 96f80c1b09
No known key found for this signature in database
GPG Key ID: BCFD0B018D2658F1
2 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Makefile
View File

@ -34,11 +34,11 @@ SHELLCHECK_SOURCES := $(sort $(shell grep -lR '#!/bin/.*sh' $(INITRDDIR)))
MANPAGE_SOURCES := $(sort $(wildcard $(MANDIR)*.md.pp))
.PHONY : all clean build shellcheck i-t man
.PHONY : all clean build shellcheck i-t dracut man
.SECONDARY:
all : build man shellcheck i-t
all : build man shellcheck i-t dracut
clean :
rm -rf $(OUTDIR)
@ -47,6 +47,7 @@ build : $(subst $(SRCDIR)bin/,$(OUTDIR),$(subst .cpp,$(EXE),$(BINARY_SOURCES)))
man : $(OUTDIR)man/index.txt
shellcheck : $(BLDDIR)shellcheck-stamp
i-t : $(OUTDIR)initramfs-tools
dracut : $(OUTDIR)dracut
$(OUTDIR)man/index.txt : $(MANDIR)index.txt $(patsubst $(MANDIR)%.pp,$(OUTDIR)man/%,$(MANPAGE_SOURCES))
@ -60,10 +61,14 @@ $(BLDDIR)shellcheck-stamp : $(SHELLCHECK_SOURCES)
$(SHELLCHECK) --exclude SC1091 $^
@date > $@
$(OUTDIR)initramfs-tools : $(sort $(wildcard $(INITRDDIR)initramfs-tools))
$(OUTDIR)initramfs-tools : $(INITRDDIR)initramfs-tools
@mkdir -p $@/usr/share/initramfs-tools/hooks $@/usr/share/tzpfms
ln $(INITRDDIR)initramfs-tools/hook $@/usr/share/initramfs-tools/hooks/tzpfms
ln $(INITRDDIR)initramfs-tools/zfs-patch.sh $@/usr/share/tzpfms/initramfs-tools-zfs-patch.sh
ln $^/hook $@/usr/share/initramfs-tools/hooks/tzpfms
ln $^/zfs-patch.sh $@/usr/share/tzpfms/initramfs-tools-zfs-patch.sh
$(OUTDIR)dracut : $(INITRDDIR)dracut
@mkdir -p $@/usr/lib/dracut/modules.d/91tzpfms
ln $(wildcard $^/*) $@/usr/lib/dracut/modules.d/91tzpfms
$(OUTDIR)%$(EXE) : $(subst $(SRCDIR),$(OBJDIR),$(subst .cpp,$(OBJ),$(SRCDIR)bin/%.cpp $(COMMON_SOURCES)))

12
README.md
View File

@ -12,6 +12,15 @@ T P M
Plus it's a pretty good annoyed sigh onomatopoeia.
### What?
Essentially BitLocker, but for ZFS
a random raw key is generated and sealed to the TPM (both 2 and 1.x supported) with an additional optional password in front of it,
tying the dataset to the platform and an additional optional secret (or to the posession of the back-up).
Both dracut (with/without Plymouth) (with/without hostonly) and initramfs-tools (with/without Plymouth) are supported for
[ZFS-on-root](https://nabijaczleweli.xyz/content/blogn_t/005-low-curse-zfs-on-root.html) set-ups.
### Building
You'll need `pkg-config`, `ronn`, `shellcheck`, `libzfslinux-dev`, `libtss2-dev`, `libtspi-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler.
@ -22,6 +31,9 @@ The output binaries are trimmed of extraneous dependencies, so they're all just
Copy the `out/zfs-tpm*` binaries corresponding to the back-ends you want to `/sbin`,
continue as the [manual](//git.sr.ht/~nabijaczleweli/tzpfms/tree/man/zfs-tpm2-change-key.md) [page](//git.sr.ht/~nabijaczleweli/tzpfms/tree/man/zfs-tpm1x-change-key.md) instructs.
For initrd support, copy the content of either `out/dracut/` or `out/initramfs-tools/` over `/`;
these need `zfs-tpm-list` but will work with any combination of back-end `*-load-key` binaries.
<!-- #### From Debian repository
The following line in `/etc/apt/sources.list` or equivalent: