joel/archinstall-luks2-lvm2-secureboot-tpm2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

the value for tpm2-pin switch should be either yes or no

Browse Source
This commit is contained in:
Emil Senan
2024-12-25 19:55:15 +01:00
committed by GitHub
parent 3fec16174e
commit f45d500722
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -588,7 +588,7 @@ We'll now enroll our system firmware and secure boot state.
This would allow our TPM to unlock our encrypted drive, as long as the state hasn't changed. This would allow our TPM to unlock our encrypted drive, as long as the state hasn't changed.
``` ```
$ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --tpm2-public-key /etc/kernel/pcr-initrd.pub.pem --tpm2-with-pin=BOOL /dev/nvme0n1p2 $ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --tpm2-public-key /etc/kernel/pcr-initrd.pub.pem --tpm2-with-pin=yes /dev/nvme0n1p2
``` ```
**Warning**: It is recommended to use a pin to unlock the TPM, instead of allowing it to unlock automatically, for more security. **Warning**: It is recommended to use a pin to unlock the TPM, instead of allowing it to unlock automatically, for more security.