Initcpio TPM attestation hook

Verify system integrity after start (before decrypting the system partition).

Intended to be used with the associated android app.

Setup

Clone this repository
Build and install this package using makepkg -si
Enable this initcpio hook in /etc/mkinitcpio.conf and regenerate the initrd using mkinitcpio
Run ./enroll.sh
Add the displayed public key to the android app

Enabling the hook

The following is an example of how to enable the hook in /etc/mkinitcpio.conf. It must be added after the keyboard and keymap hooks (they need to be added if they are not already enabled).

- HOOKS=(base udev autodetect microcode modconf kms keyboard keymap block filesystems fsck)
+ HOOKS=(base udev autodetect microcode modconf kms keyboard keymap block attest filesystems fsck)

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
PKGBUILD		PKGBUILD
README.md		README.md
enroll.sh		enroll.sh
usr-lib-initcpio-hooks-attest		usr-lib-initcpio-hooks-attest
usr-lib-initcpio-install-attest		usr-lib-initcpio-install-attest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Initcpio TPM attestation hook

Setup

Enabling the hook

About

Releases

Packages

Languages

Kioubit/mkinitcpio-attestation

Folders and files

Latest commit

History

Repository files navigation

Initcpio TPM attestation hook

Setup

Enabling the hook

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages