From Fedora Project Wiki
(Created page with " = Description = A simple validation test case for Clevis on Fedora IoT Edition. = Setup = Install a system with an encrypted root filesystem. See QA:Testcase_partitioning_g...") |
|||
Line 6: | Line 6: | ||
= How to test = | = How to test = | ||
Verify decryption is working via TPM2 | |||
echo foo | clevis encrypt tpm2 '{}' | clevis decrypt | |||
Get the UUID of the encrypted device | |||
UUID=$(lsblk | grep luks | sed 's/^.*luks-//' | cut -d ' ' -f1) | |||
DEV=$(blkid --uuid $UUID) | |||
Check encryption details of the device | |||
cryptsetup luksDump $DEV | |||
Verify the passphrase before setting | |||
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda3 && echo correct | |||
Setup Clevis to decrypt via TPM2 on boot | |||
clevis luks bind -f -k- -d $DEV tpm2 '{}' <<< $YOUR_PASSPHRASE | |||
= Results= | = Results= |
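Review bot: the passphrase check (`cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda3`) hard-codes `/dev/sda3`, while the steps before and after it use `$DEV`. Suggest `$DEV` there as well, so the test case also works when the encrypted partition is not sda3. The `UUID=$(lsblk | grep luks | ...)` line also yields more than one value when several `luks-` mappings exist, which then breaks `blkid --uuid $UUID`. The last step uses `$YOUR_PASSPHRASE` without saying that the tester has to set it first.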
Revision as of 18:01, 20 March 2020
Description
A simple validation test case for Clevis on Fedora IoT Edition.
Setup
Install a system with an encrypted root filesystem. See this testcase for further details.
How to test
Verify decryption is working via TPM2
echo foo | clevis encrypt tpm2 '{}' | clevis decrypt
Get the UUID of the encrypted device
UUID=$(lsblk | grep luks | sed 's/^.*luks-//' | cut -d ' ' -f1)
DEV=$(blkid --uuid $UUID)
Check encryption details of the device
cryptsetup luksDump $DEV
Verify the passphrase before setting up Clevis
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda3 && echo correct
Set up Clevis to decrypt via TPM2 on boot
clevis luks bind -f -k- -d $DEV tpm2 '{}' <<< $YOUR_PASSPHRASE
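The UUID lookup above assumes exactly one `luks-<uuid>` mapping in the `lsblk` output. The following added example (not part of the wiki test case) goes beyond the page by extracting the UUID with a strict pattern and stopping when no mapping or more than one is found. The function names and the sample `lsblk` output (ASCII tree style, as printed by `lsblk -i`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): pick the LUKS UUID from lsblk output
# and refuse to continue when the result is missing or ambiguous.

# Print every UUID that appears in a "luks-<uuid>" mapping name on stdin.
luks_uuids() {
    grep -Eo 'luks-[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}' |
        sed 's/^luks-//' | sort -u
}

# Print the UUID only if exactly one mapping exists.
# Returns 1 when none is found and 2 when several are found.
single_luks_uuid() {
    uuids=$(luks_uuids)
    if [ -z "$uuids" ]; then
        echo "no luks-<uuid> mapping found" >&2
        return 1
    fi
    count=$(printf '%s\n' "$uuids" | wc -l)
    if [ "$count" -ne 1 ]; then
        echo "found $count LUKS mappings, select one explicitly" >&2
        return 2
    fi
    printf '%s\n' "$uuids"
}

# Constructed sample lsblk output: one encrypted partition.
SAMPLE_ONE='NAME            MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda               8:0    0   32G  0 disk
|-sda1            8:1    0    1G  0 part  /boot
`-sda3            8:3    0   31G  0 part
  `-luks-3f2a9c1e-5b7d-4e8a-9c0b-1d2e3f4a5b6c 253:0 0 31G 0 crypt /sysroot'

# Constructed sample: a second encrypted disk makes the lookup ambiguous.
SAMPLE_TWO=$SAMPLE_ONE'
sdb               8:16   0   64G  0 disk
`-sdb1            8:17   0   64G  0 part
  `-luks-a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d 253:1 0 64G 0 crypt /var/data'

# Demo on the constructed input; on a real system pipe `lsblk` in instead and
# continue with: DEV=$(blkid --uuid "$UUID")
UUID=$(printf '%s\n' "$SAMPLE_ONE" | single_luks_uuid) && echo "UUID=$UUID"
```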