Merge pull request #2 from emilsenan/patch-1

The value for tpm2-pin switch should be either yes or no
Joel Mathew Thomas
2024-12-26 01:28:29 +05:30
committed by GitHub
+1 -1
@@ -588,7 +588,7 @@ We'll now enroll our system firmware and secure boot state.
This would allow our TPM to unlock our encrypted drive, as long as the state hasn't changed. This would allow our TPM to unlock our encrypted drive, as long as the state hasn't changed.
``` ```
$ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --tpm2-public-key /etc/kernel/pcr-initrd.pub.pem --tpm2-with-pin=BOOL /dev/nvme0n1p2 $ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --tpm2-public-key /etc/kernel/pcr-initrd.pub.pem --tpm2-with-pin=yes /dev/nvme0n1p2
``` ```
**Warning**: It is recommended to use a pin to unlock the TPM, instead of allowing it to unlock automatically, for more security. **Warning**: It is recommended to use a pin to unlock the TPM, instead of allowing it to unlock automatically, for more security.
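Review bot: The warning after the code block still presents the PIN as a recommendation, while the changed `systemd-cryptenroll` line now always enrolls with `--tpm2-with-pin=yes`, so the prose and the command disagree about whether the PIN is optional. Suggest rewording the warning to say that the command as written enrolls with a PIN, and that `--tpm2-with-pin=no` is the alternative that lets the TPM unlock the drive automatically whenever the PCR 0+7 state and the signed policy match. A short sentence that the switch takes `yes` or `no` would also keep the information the old `BOOL` placeholder was trying to convey. While touching this line, it may be worth noting in the text that `/dev/nvme0n1p2` is an example and must be replaced with the reader's own LUKS partition.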