  1. RHEL
  2. RHEL-16266

Remote volume key sealing with standard systemd tools

    • Story
    • Resolution: Done
    • rhel-sst-virtualization-cloud
    • ssg_virtualization

      Add support for remote volume key sealing (TPM) to the standard systemd tools (systemd-cryptenroll, systemd-cryptsetup)

      Goal: 

      • Make it possible to perform remote volume key sealing against a target TPM and the expected PCR values with the standard systemd tools (systemd-cryptenroll, systemd-cryptsetup)

      The following upstream pull requests to systemd implement the idea:

      Note: the Azure Confidential VM Tech Preview uses a different proof-of-concept solution, in which remotely sealed credentials are 'imported' before first use. The relevant code is at https://gitlab.com/vkuznets/tpm2-luks-import/ and the encryption part is at https://gitlab.com/vkuznets/encrypt-rhel-image

      Acceptance Criteria

      TBC

              vkuznets@redhat.com Vitaly Kuznetsov
              rh-ee-andavis Anthony Davis