## Luks TPM

Loads a LUKS TPM2 key during the initial ramdisk to automatically decrypt the drive under secure conditions.

### Requirements

#### mkinitcpio

This setup contains hooks to be used with `mkinitcpio`.

To set up the hook, run `make install` as root, then add the `tpm2` hook before the `encrypt` hook in `/etc/mkinitcpio.conf`.

#### tpm2-tools

Make sure `tpm2-tools` is installed so keys can be generated and unsealed.

On Arch Linux, it's as easy as `pacman -S tpm2-tools`.

### Generating Keys

#### Bash variables

Before you run the script, make sure the `device`, `slot`, `keyloc`, and `pcr` variables at the top of the script are set.

- `device` - The block device the LUKS partition is located at
- `slot` - The key slot that the key will be put in (WARNING: this slot will be overwritten if it contains data)
- `keyloc` - The TPM location the key will be sealed in (the default is usually fine)
- `pcr` - The PCR rules for storing the key (the default is usually fine)

#### Generation

Key generation is automatic with the `gentpm.sh` script.

Run `make build` as root. This generates and stores the keys, and also rebuilds the ramdisk.

### License

This project is licensed under the MIT license.
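
The mkinitcpio requirement above (the `tpm2` hook placed before `encrypt`) can be checked before rebuilding the ramdisk. The following is an added example, not part of this project: `check_hook_order` is a hypothetical helper name, and the sample configs are constructed rather than taken from a real system.

```shell
# Added example (not part of this project): verify that the tpm2 hook
# precedes the encrypt hook in a mkinitcpio.conf.
# Returns 0 if the order is right, 1 if it is wrong,
# 2 if the HOOKS line or either hook is missing.
check_hook_order() {
    conf=$1
    # mkinitcpio.conf is sourced as shell, so the last uncommented HOOKS= wins.
    line=$(grep -E '^[[:space:]]*HOOKS=' "$conf" | tail -n 1)
    if [ -z "$line" ]; then
        echo "no HOOKS= line in $conf" >&2
        return 2
    fi
    # Drop 'HOOKS=', any trailing comment, and the (), " or ' delimiters.
    hooks=$(printf '%s\n' "$line" | sed -e 's/^[^=]*=//' -e 's/#.*$//' | tr -d '()"'"'")
    i=0; tpm_idx=; enc_idx=
    for h in $hooks; do
        i=$((i + 1))
        case $h in
            tpm2)    tpm_idx=$i ;;
            encrypt) enc_idx=$i ;;
        esac
    done
    if [ -z "$tpm_idx" ] || [ -z "$enc_idx" ]; then
        echo "tpm2 and/or encrypt hook missing from HOOKS" >&2
        return 2
    fi
    if [ "$tpm_idx" -lt "$enc_idx" ]; then
        return 0
    fi
    echo "tpm2 (position $tpm_idx) must come before encrypt (position $enc_idx)" >&2
    return 1
}

# Constructed sample configs, written to a temporary directory.
sample_dir=$(mktemp -d)
printf '%s\n' '# HOOKS=(base udev encrypt)' \
    'HOOKS=(base udev autodetect modconf block tpm2 encrypt filesystems)' > "$sample_dir/good.conf"
printf '%s\n' 'HOOKS=(base udev autodetect modconf block encrypt tpm2 filesystems)' > "$sample_dir/bad.conf"
for f in good bad; do
    if check_hook_order "$sample_dir/$f.conf" 2>/dev/null; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: wrong order or missing hook"
    fi
done
```

On a real system, point it at `/etc/mkinitcpio.conf` after editing the hooks.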