@@ -326,7 +326,7 @@ every time.
326326
327327Here is how the solution works:
328328
329- - I used ` dracut ` modules to [ install] ( ./src/core-switch/scripts/security/sedutil/setup.sh ) custom
329+ - I used ` dracut ` modules to [ install] ( ./src/core-switch/scripts/security/sedutil/setup.sh ) custom
330330logic at boot.
331331- The [ module] ( ./src/core-switch/scripts/security/sedutil/module-setup.sh ) I created includes
332332` sedutil-cli ` , ` argon2 ` , ` clevis-tpm2 ` and associated libraries. It also includes tpm2-encrypted
@@ -362,10 +362,10 @@ About this solution: We use a null salt for the `argon2` extension, since we wan
362362recover from passphrase alone. The argon2 params run in about 10 seconds on my system, which is a
363363bit much, but I am okay with it since passwordless boot just needs to TPM-decrypt the passphrase
364364and unlock, there is no derivation necessary. To make the dracut module a bit nicer, one could add
365- real checks in the ` check ` method of ` module-setup.sh ` . In reality though , this module not firing in
366- my system would render it unbootable, so check merely provides feedback that everything expected is
367- present when building the image, but it doesn't guarantee you didn't forget to add something you
368- needed. Anyway, ` check() ` should be populated.
365+ real checks in the ` check ` method of ` module-setup.sh ` . In reality, this module not firing in
366+ my system would render it unbootable - so check merely provides feedback that everything expected is
367+ present when building the image - it doesn't guarantee you didn't forget to add something you
368+ needed. As such, it was kind of useless during development. Anyway, ` check() ` should be populated.
369369
370370### Networking Setup
371371
0 commit comments