author | Freya Murphy <freya@freyacat.org> | 2023-12-09 13:52:20 -0500 |
---|---|---|
committer | Freya Murphy <freya@freyacat.org> | 2023-12-09 13:52:20 -0500 |
commit | 94da5270c7d916541c33ac3ea6c6d00e74b65245 (patch) | |
tree | 8ad014bdaf66aa61faca0a8574ff11bdc2208414 /README.md | |
initial
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/README.md b/README.md new file mode 100644 index 0000000..8a0e473 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ +## Luks TPM + +Loads a LUKS tpm2 key during inital ramdisk to auto decrypt drive under secure conditions + +### Requirements + +#### mkinitcpio + +This setup contains hooks to be used with `mkinitcpio` + +To setup the hook run `make install` as root and then add the `tpm2` hook before the `encrypt` hook in `/etc/mkinitcpio.conf` + +#### tpm2-tools + +Make sure the `tpm2-tools` are installed so keys can be generated and unsealed + +For arch linux, its as easy as `pacman -S tpm2-tools` + +### Generating Keys + +#### Bash variables + +Before you can run the script make sure the `device`, `slot`, `keyloc`, and `pcr`, variables at the top of the script. + +- `device` - The block device the LUKS partition is located at +- `slot` - The key slot that the key will be put in (WARNING this slot will be overwritten if it contains data) +- `keyloc` - The tpm location the key will be sealed in (default is fine usually) +- `pcr` - The pcr rules for storing the key (default is fine usually) + +#### Generation + +Key generation is automatic with the `gentpm.sh` script + +Run `make build` as root, this will generate and store the keys, and also rebuild the ramdisk + +### License + +This project is licensed under the MIT license |
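Review bot: In the "Bash variables" list, the `keyloc` and `pcr` entries say "default is fine usually" without stating what the defaults are, so a reader cannot tell which boot measurements the sealed key is bound to, or what "secure conditions" in the opening description means. Please name the default PCR selection and the default TPM location, and describe what happens at boot when the PCR values no longer match. Since `slot` is documented as being overwritten, it would also help to tell users to keep a passphrase in a different key slot as a fallback. Two wording fixes in the same hunk: the sentence introducing the list has no verb ("make sure the `device`, `slot`, `keyloc`, and `pcr`, variables at the top of the script" should say the variables "are set"), and "inital" in the description should be "initial".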