tang icon indicating copy to clipboard operation
tang copied to clipboard

Published 20 hours ago verified publisher icon latchset

Tang in early boot

Open nemihome opened this issue 1 year ago • 0 comments

Hello,

Maybe I'm missunderstanding the documentation: https://access.redhat.com/documentation/de-de/red_hat_enterprise_linux/8/html/security_hardening/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening

In the description the luks key is bound to localhost in the documentation.

I have installed clevis-initramfs and getting the message that clevis has found network interface at early boot. But seems to be tang is not running at that time in early boot.

I do understood that the basic idea is that tang is running on another server and not the same where clevis is running but in my case the idea is just that the drives can not be read by anyone if stolen. That's still the case if tang and clevis coming up byself.

If that is not possible the documentation is missguiding because this localhost bindings do make no sense. In this case this should not be localhost but remotehost for the lunks binding.

nemihome avatar Sep 01 '23 21:09 nemihome