PrivSec-dev/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Code

Add TPM PIN

Browse Source 
Signed-off-by: samsepi0l <74207682+d4rklynk@users.noreply.github.com>
This commit is contained in:
samsepi0l 2022-12-29 16:27:13 +01:00 committed by GitHub
parent 149e207d6e
commit 352c360b68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
content/posts/linux/Desktop-Linux-Hardening.md
View File

@ -45,7 +45,7 @@ Check your encrypted volumes :
Then, you can finally enroll your encrypted volumes :
```
# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/sdX
# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/sdX --tpm2-with-pin=yes
```
Replace sdX with the right volume.
@ -72,6 +72,8 @@ SLOT TYPE
2 recovery
```
When booting, it will ask you the password for LUKS, then the TPM2 PIN.
Note that with secure boot enabled, you should manually sign your NVidia drivers with [akmod](https://github.com/larsks/akmod-sign-modules).
### Encrypted Swap