dodox/nullpoint
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

better README

Browse Source
This commit is contained in:
Dominik Moritz Roth 2025-05-18 18:39:22 +02:00
parent 6f98289af0
commit f4795c232a
1 changed files with 2 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@ -79,32 +79,9 @@ After firmware updates (UEFI/BIOS), the TPM bindings need to be updated:
3. **Verify Installation** 3. **Verify Installation**
```bash ```bash
ssh root@your-server ssh null@your-server
systemctl status clevis-luks-askpass systemctl status clevis-luks-askpass
lsblk lsblk
btrfs filesystem show # Check RAID1 status btrfs filesystem show # Check RAID1 status
clevis-luks-list -d /dev/sda2 clevis-luks-list -d /dev/sda2
``` ```
## Recovery
If you need to recover the system:
1. **Using Rescue System**
- Boot into Rescue System
- Mount the encrypted volumes:
```bash
cryptsetup luksOpen /dev/sda2 root_a
cryptsetup luksOpen /dev/sdb2 root_b
mount /dev/mapper/root_a /mnt
```
- Access your data at `/mnt`
2. **Using Tang Server**
- Ensure your Tang server is accessible
- The system should automatically unlock if TPM measurements match
3. **Using Manual Passphrase**
- Connect via SSH during early boot (dropbear)
- Enter the LUKS passphrase when prompted
- The passphrase is stored in `/root/luks-passphrase.txt` on the installed system