clevis
Support for TPM key password
Hello,
I just found clevis while researching alternatives for a LUKS unlocker that utilizes the TPM.
One thing that I noticed is that clevis does not support a TPM PIN as in BitLocker (note that "PIN" here means a short number that is needed to unlock the TPM key in addition to PCRs. That PIN protects against brute-force attacks).
luks-tpm2 uses TPM parent key password for this.
Why is it important? To protect against unauthorized extraction of TPM keys.