@eduardolfalcao
Forked from dnoliver/disk-encryption.sh
Created May 28, 2020 17:05
Disk encryption with Clevis example
disk-encryption.sh
#!/bin/bash
set -euxo pipefail
# List the installed Clevis, cryptsetup and TPM2 tooling for reference
rpm -qa clevis* cryptsetup* luks* tpm2* e*fspr* | sort
# Creation
# Optional: wipe the partition first (destructive and slow)
# dd if=/dev/zero of=/dev/sda1 bs=1M status=progress
# Temporary key, used only to format the volume and to bind Clevis
openssl rand -hex 8 > key
cryptsetup -q luksFormat /dev/sda1 key
# Add a second keyslot sealed to the TPM2 against PCRs 0 and 1 (sha256 bank);
# a firmware update changes those PCRs and the TPM unseal will then fail
clevis luks bind -f -k key -d /dev/sda1 tpm2 '{"pcr_bank":"sha256", "pcr_ids":"0,1"}'
# Drop the temporary key so that only the TPM-bound keyslot remains
cryptsetup luksRemoveKey /dev/sda1 key
# Opening with the removed key must now fail
cryptsetup luksOpen /dev/sda1 c1 --key-file key || echo "Key Removed Successfully"
# Unlock through the TPM2 policy instead
clevis luks unlock -d /dev/sda1 -n c1
# Optional: zero the mapped device before creating the filesystem
# dd if=/dev/zero of=/dev/mapper/c1 bs=1M status=progress
mkfs.ext4 /dev/mapper/c1
sleep 1
# Mount
mkdir -p /tmp/disk-encryption-mount
mount /dev/mapper/c1 /tmp/disk-encryption-mount
# Sanitization
umount /tmp/disk-encryption-mount
cryptsetup luksClose c1
# Remove the Clevis keyslot (slot 1, since slot 0 held the temporary key) and reset the TPM
clevis luks unbind -d /dev/sda1 -s 1 -f
tpm2_clear
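The step the script relies on most is `luksRemoveKey`: after it, the TPM-bound keyslot should be the only way into the volume. Below is an added check, not part of the gist, that confirms this by parsing `cryptsetup luksDump` output (LUKS2 layout, as produced by cryptsetup 2.x) and comparing the set of active keyslots with the keyslots referenced by clevis tokens. The two dumps embedded in it are constructed samples, abridged to the sections the check reads.

```shell
#!/bin/sh
# Added example, not part of the gist: verify that, after `clevis luks bind`
# and `cryptsetup luksRemoveKey`, the only active LUKS keyslot is the one
# owned by the Clevis token. Reads `cryptsetup luksDump <device>` text
# (LUKS2 layout, cryptsetup 2.x) on stdin, so it can be exercised offline.
set -eu

# Print the number of every active keyslot, one per line.
luks_keyslots() {
  awk '
    match($0, /^[A-Za-z][A-Za-z ]*:/) { sect = substr($0, 1, RLENGTH) }
    sect == "Keyslots:" && /^[[:space:]]+[0-9]+:/ { sub(":", "", $1); print $1 }
  '
}

# Print the keyslot number referenced by each clevis token, one per line.
clevis_token_slots() {
  awk '
    match($0, /^[A-Za-z][A-Za-z ]*:/) { sect = substr($0, 1, RLENGTH); inclevis = 0 }
    sect == "Tokens:" && /^[[:space:]]+[0-9]+: / { inclevis = ($2 == "clevis") }
    sect == "Tokens:" && inclevis && $1 == "Keyslot:" { print $2 }
  '
}

# Succeed (exit 0) only when the set of active keyslots is non-empty and
# equals the set of slots referenced by clevis tokens, i.e. no passphrase
# or key-file slot was left behind.
check_clevis_only() {
  dump=$(cat)
  slots=$(printf '%s\n' "$dump" | luks_keyslots | sort -u)
  clevis=$(printf '%s\n' "$dump" | clevis_token_slots | sort -u)
  [ -n "$slots" ] && [ "$slots" = "$clevis" ]
}

# Constructed sample dump (abridged) in the state the gist leaves the device:
# slot 0 (temporary key) removed, slot 1 bound to the TPM2 via token 0.
GOOD_DUMP=$(cat <<'EOF'
LUKS header information
Version:        2
Epoch:          4
UUID:           00000000-0000-4000-8000-000000000000
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  1: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
Tokens:
  0: clevis
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
)

# Constructed sample from before `luksRemoveKey`: the temporary key in slot 0
# is still active, so the check must fail.
BAD_DUMP=$(cat <<'EOF'
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
        Key:        512 bits
Tokens:
  0: clevis
        Keyslot:    1
EOF
)

# Real use: cryptsetup luksDump /dev/sda1 | check_clevis_only
for name in GOOD_DUMP BAD_DUMP; do
  eval "dump=\$$name"
  if printf '%s\n' "$dump" | check_clevis_only; then
    echo "$name: only Clevis-owned keyslots are active"
  else
    echo "$name: extra keyslot(s) active: $(printf '%s\n' "$dump" | luks_keyslots | tr '\n' ' ')"
  fi
done
```

Run it against a live device with `cryptsetup luksDump /dev/sda1 | check_clevis_only` right after the `luksRemoveKey` step; a non-zero exit means a slot other than the TPM-bound one is still active. The same parser also tells you which slot number to pass to `clevis luks unbind -s` in the sanitization step.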