forked from electrickite/luks-tpm2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
default
38 lines (36 loc) · 1.51 KB
/
default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# Configuration file for luks-tpm2
#
# Commented variables show default values.
# Common settings
#
# TMPFS_MOUNT Mount point for the tmpfs file system
# SEALED_KEY_PUBLIC Absolute path to public portion of the sealed key
# SEALED_KEY_PRIVATE Absolute path to private portion of the sealed key
# PARENT_HANDLE Handle of the parent key when sealing data on disk
# PARENT_KEY_PROMPT Prompt for parent key password
# PARENT_KEY_PATH Path to a file containing the parent key password
# NVRAM_INDEX Index of NVRAM area to store key
# KEY_SIZE Size in bytes of the generated key
# TPM_KEY_SLOT LUKS slot number for the TPM-managed key
# RESET_KEY_SLOT LUKS slot number for temporary reset passphrase
# PCRS TPM2-Tools PCR bank selection list used to seal key
# UNSEAL_PCRS TPM2-Tools PCR bank selection list used to unseal key
# TPM2TOOLS_TCTI TPM2-Tools TCTI identifier
# COMPUTE_COMMAND The command used to precompute PCR values
# Ex: "tpm_futurepcr -L '::pcr::' -o '::output::'"
# ROOT_DEVICE The LUKS block device path
# ACTION The default command action
#TMPFS_MOUNT="/root/keyfs"
#SEALED_KEY_PUBLIC="/boot/keyfile.pub"
#SEALED_KEY_PRIVATE="/boot/keyfile.priv"
#PARENT_HANDLE="0x81000001"
#PARENT_KEY_PROMPT=""
#PARENT_KEY_PATH=""
#NVRAM_INDEX=""
#KEY_SIZE=32
#TPM_KEY_SLOT=1
#RESET_KEY_SLOT=2
#PCRS="sha256:0,2,4,7"
#UNSEAL_PCRS="sha256:0,2,4,7"
#TPM2TOOLS_TCTI="device:/dev/tpmrm0"
#COMPUTE_COMMAND=""