dnoliver · January 13, 2020 22:01
diff --git a/disk-encryption.sh b/disk-encryption.sh
  GNU nano 4.3                                             disk-encryption.sh                                                       
 #!/bin/bash

 set -euxo pipefail

 rpm -qa clevis* cryptsetup* luks* tpm2* e*fspr* | sort

 # Creation

 # dd if=/dev/zero of=/dev/sda1 bs=1M status=progress
 openssl rand -hex 8 > key
 cryptsetup -q luksFormat /dev/sda1 key
 clevis luks bind -f -k key -d /dev/sda1 tpm2 '{"pcr_bank":"sha256", "pcr_ids":"0,1"}'
 cryptsetup luksRemoveKey /dev/sda1 key
 cryptsetup luksOpen /dev/sda1 c1 --key-file key || echo "Key Removed Succesfully"
 clevis luks unlock -d /dev/sda1 -n c1
 # dd if=/dev/zero of=/dev/mapper/c1 bs=1M status=progress
 mkfs.ext4 /dev/mapper/c1
 sleep 1

 # Mount

 mkdir -p /tmp/disk-encryption-mount
 mount /dev/mapper/c1 /tmp/disk-encryption-mount

 # Sanitization

 umount /tmp/disk-encryption-mount
 cryptsetup luksClose c1
 clevis luks unbind -d /dev/sda1 -s 1 -f
 tpm2_clear
	GNU nano 4.3 disk-encryption.sh
	#!/bin/bash

	set -euxo pipefail

	rpm -qa clevis* cryptsetup* luks* tpm2* efspr \| sort

	# Creation

	# dd if=/dev/zero of=/dev/sda1 bs=1M status=progress
	openssl rand -hex 8 > key
	cryptsetup -q luksFormat /dev/sda1 key
	clevis luks bind -f -k key -d /dev/sda1 tpm2 '{"pcr_bank":"sha256", "pcr_ids":"0,1"}'
	cryptsetup luksRemoveKey /dev/sda1 key
	cryptsetup luksOpen /dev/sda1 c1 --key-file key \|\| echo "Key Removed Succesfully"
	clevis luks unlock -d /dev/sda1 -n c1
	# dd if=/dev/zero of=/dev/mapper/c1 bs=1M status=progress
	mkfs.ext4 /dev/mapper/c1
	sleep 1

	# Mount

	mkdir -p /tmp/disk-encryption-mount
	mount /dev/mapper/c1 /tmp/disk-encryption-mount

	# Sanitization

	umount /tmp/disk-encryption-mount
	cryptsetup luksClose c1
	clevis luks unbind -d /dev/sda1 -s 1 -f
	tpm2_clear