Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: luks allow wipe for re-enroll and improve prompt/output #336

Merged
merged 4 commits into from
Nov 2, 2024
Merged

fix: luks allow wipe for re-enroll and improve prompt/output #336

merged 4 commits into from
Nov 2, 2024

Conversation

bsherman
Copy link
Contributor

@bsherman bsherman commented Nov 2, 2024
edited
Loading

luks tpm2 auto lock/unlock scripts should not actually reference ujust since they can be used without it.

if user has found these ujust recipes, it should be obvious what to do from the ujust list of recipes.

Also, why not wipe and re-enroll.

Closes: #326

@bsherman
fix: luks scripts messaging
8d3c9ac 
luks tpm2 auto lock/unlock scripts should not actually reference ujust
since they can be used without it.

if user has found these ujust recipes, it should be obvious what to do
from the ujust list of recipes.

Closes: #326
@bsherman bsherman requested review from castrojo, m2Giles and a team November 2, 2024 20:01
@antheas
Copy link

antheas commented Nov 2, 2024

Speaking of, might as well fix this instead of tweaking the message.

The script should re-enroll the signature if its called again. It's very annoying to have to call unenroll when the hash gets invalidated to re-enroll it.

@antheas
Copy link

antheas commented Nov 2, 2024

I think you can remove the whole block that checks if tpm2 is enrolled and just append --wipe-slot=tpm2 in the place you enroll.

@bsherman bsherman changed the title fix: luks scripts messaging fix: luks allow wipe for re-enroll and improve prompt/output Nov 2, 2024
@bsherman bsherman added this pull request to the merge queue Nov 2, 2024
Merged via the queue into main with commit 537655a Nov 2, 2024
5 checks passed
@bsherman bsherman deleted the tpm-err-msg branch November 2, 2024 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m2Giles m2Giles m2Giles approved these changes

@castrojo castrojo castrojo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix ujust TPM error message
4 participants
@bsherman @antheas @castrojo @m2Giles