Commit e4562c83 authored by Ondrej Kozina's avatar Ondrej Kozina Committed by Milan Broz

Add LUKS2 nvcrypt examples

parent f507d16b
TARGET=keyslot_test
CFLAGS=-O0 -g -Wall -D_GNU_SOURCE -I ../../lib/
LIBNVCRYPT_PATH=/home/user/usr/lib
LIBNVCRYPT_INCLUDE=/home/user/usr/include
CFLAGS=-O0 -g -Wall -D_GNU_SOURCE -I ../../lib/ -I$(LIBNVCRYPT_INCLUDE)
LDLIBS=-ljson-c -luuid -lgcrypt -ldevmapper -lpthread -lssh
LDLIBS_NVCRYPT=-lm -lnvcrypt -lpopt
CC=gcc
TARGET2=keyslot_test_remote_pass
TARGET4=keyslot_add_by_key
TARGET5=nvcrypt_token
TARGET6=nvcrypt_token_keyring
SOURCES=keyslot_test.c
OBJECTS=$(SOURCES:.c=.o)
......@@ -12,8 +17,12 @@ SOURCES2=keyslot_test_remote_pass.c
OBJECTS2=$(SOURCES2:.c=.o)
SOURCES4=keyslot_add_by_key.c
OBJECTS4=$(SOURCES4:.c=.o)
SOURCES5=nvcrypt_token.c
OBJECTS5=$(SOURCES5:.c=.o)
SOURCES6=nvcrypt_token_keyring.c
OBJECTS6=$(SOURCES6:.c=.o)
all: $(TARGET) $(TARGET2) $(TARGET4)
all: $(TARGET) $(TARGET2) $(TARGET4) $(TARGET5) $(TARGET6)
$(TARGET): $(OBJECTS) ../../.libs/libcryptsetup.a
$(CC) -o $@ $^ $(LDLIBS)
......@@ -24,7 +33,13 @@ $(TARGET2): $(OBJECTS2) ../../.libs/libcryptsetup.a
$(TARGET4): $(OBJECTS4) ../../.libs/libcryptsetup.a
$(CC) -o $@ $^ $(LDLIBS)
$(TARGET5): $(OBJECTS5) ../../src/cryptsetup-utils_tools.o ../../src/cryptsetup-utils_password.o ../../.libs/libcryptsetup.a
$(CC) -o $@ $^ $(LDLIBS) $(LDLIBS_NVCRYPT) -L$(LIBNVCRYPT_PATH)
$(TARGET6): $(OBJECTS6) ../../src/cryptsetup-utils_tools.o ../../src/cryptsetup-utils_password.o ../../.libs/libcryptsetup.a
$(CC) -o $@ $^ $(LDLIBS) $(LDLIBS_NVCRYPT) -L$(LIBNVCRYPT_PATH)
clean:
rm -f *.o *~ core $(TARGET) $(TARGET2) $(TARGET4)
rm -f *.o *~ core $(TARGET) $(TARGET2) $(TARGET4) $(TARGET5) $(TARGET6)
.PHONY: clean
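Review bot: `LIBNVCRYPT_PATH=/home/user/usr/lib` and `LIBNVCRYPT_INCLUDE=/home/user/usr/include` in the first hunk hard-code what looks like one developer's home directory, and the new `$(TARGET5)` and `$(TARGET6)` link lines pass it on as `-L$(LIBNVCRYPT_PATH)`. These examples handle keyslot passphrases, so the library search path should not default to a per-user directory where a different `libnvcrypt` could be picked up unnoticed; on most other machines the path presumably does not exist. I would leave both variables empty by default, `LIBNVCRYPT_PATH ?=` and `LIBNVCRYPT_INCLUDE ?=`, with a comment that they are meant to be set on the command line. The flags should then be added only when a value is given, e.g. `$(if $(LIBNVCRYPT_PATH),-L$(LIBNVCRYPT_PATH))` and the same for `-I`, because a bare `-I` at the end of `CFLAGS` would swallow the next compiler argument.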
to create LUKSv2 container run:
$(top_level_dir)/src/cryptsetup --type luks2 luksFormat /dev/xxx
nvcrypt_token example requires libnvcrypt library installed together
with TPM 1.2 chip present and enabled on the system
nvcrypt_token:
- create LUKS2 device (with at least one keyslot)
- use nvcrypt_token to create new keyslot with two part passprase (nvkeyslot)
- to activate LUKS2 using nvkeyslot use nvcrypt_token
- to remove additional data in TPM for unlocking nvkeyslot, use nvcrypt_token
ncrypt_token_keyring:
- create LUKS2 device (with at least one keyslot)
- create luks2 keyring token (cryptsetup token add command)
- use nvcrypt_token_keyring to create new keyslot with two part passprase (nvkeyslot)
- to load passphrase for nvkeyslot in keyring use nvcrypt_token_keyring load command
- to activate volume using nvkeyslot run cryptsetup open (it'll perform activation by token)
- remove passphrase from session keyring when not needed anymore (cryptsetup doesn't remove passphrase from keyring)