Automated decryption framework
e9acb551d3
In some situations, especially with older versions of clevis, we can end up with a partially used luksmeta slot. We can identify such slots because they will be marked as inactive, yet they will contain the clevis UUID, "cb6e8904-81ff-40da-a84a-07ab9ab5715e". When this situation happens, we have cryptsetup and luksmeta slots "out of sync", and since we currently have cryptsetup choose the slot, we may end up trying to use such a partially used slot, which in turn will fail because luksmeta will not be able to save data to it. We handle this case by wiping the partially used slot, if we identify the situation will arise. Tests also added to verify this case is handled properly. Fixes: #70 |
||
|---|---|---|
| .gitignore | ||
| 0001-Backport-upstream-tests-and-fixes.patch | ||
| 0002-Disabling-LUKS2-tests-for-now.patch | ||
| 0003-Handle-case-where-we-try-to-use-a-partially-used-luk.patch | ||
| Add-device-TCTI-library-to-the-initramfs.patch | ||
| clevis-encrypt-tpm2-fix-TPM-object-attributes.patch | ||
| clevis-pin-tpm2-module-setup.sh-test-for-required-bi.patch | ||
| clevis.spec | ||
| Delete-remaining-references-to-the-removed-http-pin.patch | ||
| Install-cryptsetup-and-tpm2_pcrlist-in-the-initramfs.patch | ||
| pins-tpm2-add-support-for-tpm2-tools-4.X.patch | ||
| sources | ||