Differences

This shows you the differences between two versions of the page.

--- tech:cheatsheets:linux:luks [2024/04/02 14:16] – [Setup automatic unlock] waldemar
+++ tech:cheatsheets:linux:luks [2024/09/27 07:46] (current) – waldemar
@@ Line 3: / Line 3: @@
 <code bash>
 cryptsetup luksOpen /dev/mmcblk1p3 mmcblk2p3_crypt
-mount /dev/vgkubuntu/root /target # use lvdisplay to find the volume
+mount /dev/vgkubuntu/root /target # use lvdisplay and lsblk to find the volume
 </code>
+==== Grow partition ====
+Note: filesystem should not be mounted when resizing
+  * https://www.redhat.com/sysadmin/resize-lvm-simple
 ===== Change key of encrypted partition =====
 <code bash>
@@ Line 37: / Line 40: @@
 clevis luks regen -d /dev/nvme0n1p3 -s 1
 </code>
+==== Change PCRs ====
+To change PCRs you first need to delete the key and then re-add using the wanted PCRs.
+List the used slots:
+<code bash>
+clevis luks list -d /dev/nvme0n1p3
+</code>
+Remove the slot:
+<code bash>
+clevis luks unbind -d /dev/nvme0n1p3 -s 1 -f
+</code>
+Note: ''-f'' will not ask for confirmation but is needed if there is no other slot set up.
+After that re-add the key like above.
 ===== References =====
@@ Line 46: / Line 65: @@
   * https://wiki.archlinux.org/title/Trusted_Platform_Module#Accessing_PCR_registers
   * https://www.tuxedocomputers.com/en/Infos/Help-Support/Instructions/Change-LUKS-encryption-password.tuxedo
+  * https://discourse.nixos.org/t/full-disk-encryption-tpm2/29454/2
+  * https://wiki.archlinux.org/title/Systemd-cryptenroll