Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
path: root/examples
diff options
context:
space:
mode:
authorAnton Hvornum <anton@hvornum.se>2022-05-18 11:28:59 +0200
committerGitHub <noreply@github.com>2022-05-18 11:28:59 +0200
commit493cccc18fa8c77c362b6abee2c3dc89d331c792 (patch)
tree5778ffbf361ecf80360b4848bc683c8387965d9a /examples
parent561ea7e8f5c326312cc61c03d1b2329111f7634b (diff)
Added a HSM menu entry (#1196)
* Added a HSM menu entry, but also a safety check to make sure a FIDO device is connected * flake8 complaints * Adding FIDO lookup using cryptenroll listing * Added systemd-cryptenroll --fido2-device=list * Removed old _select_hsm call * Fixed flake8 complaints * Added support for locking and unlocking with a HSM * Removed hardcoded paths in favor of PR merge * Removed hardcoded paths in favor of PR merge * Fixed mypy complaint * Flake8 issue * Added sd-encrypt for HSM and revert back to encrypt when HSM is not used (stability reason) * Added /etc/vconsole.conf and tweaked fido2_enroll() to use the proper paths * Spelling error * Using UUID instead of PARTUUID when using HSM. I can't figure out how to get sd-encrypt to use PARTUUID instead. Added a Partition().part_uuid function. Actually renamed .uuid to .part_uuid and created a .uuid instead. * Adding missing package libfido2 and removed tpm2-device=auto as it overrides everything and forces password prompt to be used over FIDO2, no matter the order of the options. * Added some notes to clarify some choices. * Had to move libfido2 package install to later in the chain, as there's not even a base during mounting :P
Diffstat (limited to 'examples')
-rw-r--r--examples/guided.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/examples/guided.py b/examples/guided.py
index f104b7e3..3b762a8b 100644
--- a/examples/guided.py
+++ b/examples/guided.py
@@ -57,6 +57,10 @@ def ask_user_questions():
# Get disk encryption password (or skip if blank)
global_menu.enable('!encryption-password')
+ if archinstall.arguments.get('advanced', False) or archinstall.arguments.get('HSM', None):
+ # Enables the use of HSM
+ global_menu.enable('HSM')
+
# Ask which boot-loader to use (will only ask if we're in UEFI mode, otherwise will default to GRUB)
global_menu.enable('bootloader')
@@ -130,6 +134,7 @@ def perform_installation(mountpoint):
Only requirement is that the block devices are
formatted and setup prior to entering this function.
"""
+
with archinstall.Installer(mountpoint, kernels=archinstall.arguments.get('kernels', ['linux'])) as installation:
# Mount all the drives to the desired mountpoint
# This *can* be done outside of the installation, but the installer can deal with it.
@@ -301,5 +306,6 @@ if archinstall.arguments.get('dry_run'):
if not archinstall.arguments.get('silent'):
input(str(_('Press Enter to continue.')))
+archinstall.configuration_sanity_check()
perform_filesystem_operations()
perform_installation(archinstall.storage.get('MOUNT_POINT', '/mnt'))