New packages: tpm2-totp-0.3.0, tpm2-tools-5.2
Closes #38508
Testing the changes
- I tested the changes in this PR: NO
New package
- This new package conforms to the quality requirements: YES
@jacobmyers-codeninja Could you test this package?
Yes. I will be able to test and play around within a day or two, thanks!
I noticed the automatic test suite can be run if we package the https://github.com/tpm2-software/tpm2-tools package; I'm not sure if that would be useful?
tpm2-tss is in the packages already, and it appears to be what tpm2-tools is using for everything. It might make sense to just include tools to also get the bonus of all the unit tests for all the tooling.
At least if it looks like that would be easy enough to include; the tools do seem to include a lot of useful small utilities for tpm2 management.
I was able to install both tpm2-tools and tpm2-totp. I also added a dracut line to ensure it was configured (might not have been necessary really).
I was able to register a totp onto the TPM in its default configuration and on boot up it is showing the time based rolling codes while awaiting my LUKS key. This matches my authenticator app and I can continue to boot normally into the system.
Recovery/reseal is working as well, tested out some tools and everything seems to function as expected. So this looks good to me.
Only drawback is they apparently made an update in 2021 to handle passing the generator password through STDIN instead of the command line and renamed a few of the parameters at that time (generate instead of init, for example). Functionality-wise nothing is changed and it is perfectly functional at the .3.0 state, but hopefully a .4 will come out with the changes so the README on GitHub matches better.
Thanks!
I was wondering about plymouth - it was giving me a bit of trouble as a package dependency so I left it out and just added dracut and mkinitcpio to generate hooks, does that change anything?
It doesn't have a hard dependency on plymouth. If it is present it will behave in a way to work nicely with it, but if it is not available it will just default to printing directly to the terminal. This is the configuration I am using as I do not actually have plymouth installed on this test machine.
@tranzystorek-io could you resolve conflicts?