Some hard drives have built-in, hardware-based encryption and security-erase features that can be used in addition to LUKS encryption. Be sure to read about the --user-master feature if you wish to try this:

You can check if your drive supports hardware encryption by running hdparm -I /dev/sdb. Your drive should show not enabled with “supported: enhanced erase” security like in the example below.

    Security:
            Master password revision code = 65534
                    supported
            not     enabled
            not     locked
            not     frozen
            not     expired: security count
                    supported: enhanced erase

You can set a user password for the hard drive with

    hdparm --user-master u --security-set-pass "YOUR PASSWORD" /dev/sdb

DO NOT LOSE YOUR PASSWORD; it is required to unlock the drive.

Then confirm that security is now enabled using hdparm -I /dev/sdb.

    Security:
            Master password revision code = 65534
                    supported
                    enabled
            not     locked
            not     frozen
            not     expired: security count
                    supported: enhanced erase
            Security level high
            214min for SECURITY ERASE UNIT.

I will not cover hdparm security in-depth but you can find more information here:

Use fdisk to partition your disk as shown below.

    fdisk /dev/sdb

Choose n for a new partition, choose p for primary and then w to write it to the disk. You can safely accept the defaults in most scenarios.

Use the command below to create your encrypted disk.

    cryptsetup luksFormat /dev/sdb1 -q --verify-passphrase

The passphrase will be needed to add the TPM key and it is good to have in case of a TPM failure.

Some versions of Ubuntu might require some extra steps: Disk Encryption Howto 4.

Prep the TPM

An incompatible TPM might throw some errors, but most TPM chips will work.

So far I have only had success with the following commands. First ensure everything is running.

Now clear the TPM to ensure it can be “owned”.
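The hdparm -I security check described on this page can be scripted. The following is an added example, not code from the original post: it parses the Security block into key=value pairs, and the function names and sample text are assumptions constructed from the two outputs shown on the page.

```shell
#!/bin/sh
# Added example. Parses the "Security:" block of `hdparm -I` output into
# key=value pairs. A plain `grep enabled` matches "not enabled" as well,
# so the leading "not" column has to be read explicitly.
ata_security_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented header ends the block
        !insec             { next }
        /supported: enhanced erase/ { state["enhanced_erase"] = "yes"; next }
        {
            neg  = ($1 == "not")
            word = neg ? $2 : $1
            sub(/:.*/, "", word)
            if (word ~ /^(supported|enabled|locked|frozen)$/)
                state[word] = neg ? "no" : "yes"
        }
        END {
            n = split("supported enabled locked frozen enhanced_erase", k, " ")
            for (i = 1; i <= n; i++)
                printf "%s=%s\n", k[i], ((k[i] in state) ? state[k[i]] : "unknown")
        }'
}

# Hypothetical helper: print one field, e.g. `... | ata_security_field enabled`.
ata_security_field() { ata_security_state | sed -n "s/^$1=//p"; }

# Constructed sample, modelled on the output shown before the password is set.
sample_before() { cat <<'EOF'
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
Checksum: correct
EOF
}

# Constructed sample after the user password is set: only "enabled" flips.
sample_after() { sample_before | sed 's/not     enabled/        enabled/'; }

echo "before: $(sample_before | ata_security_state | tr '\n' ' ')"
echo "after:  $(sample_after  | ata_security_state | tr '\n' ' ')"
```

Against a real drive, pipe the command's output into the function as root: hdparm -I /dev/sdb | ata_security_state.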