Fix tpm-luks-enroll example

Read password from password environment variable and unset it afterwards.
2023-06-11 10:28:03 -04:00
parent 24f7032667
commit 11f422e7cc
1 changed files with 34 additions and 2 deletions
--- a/pc_fedora.md
+++ b/pc_fedora.md
@@ -229,10 +229,16 @@ Create a function in ~./bashrc.d/cryptenroll.sh:

 ```bash
 function tpm-luks-enroll {
+    read -s -p "Password: " PASSWORD
+    export PASSWORD=$PASSWORD
    sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/nvme1n1p3
+    unset password
 }
 function tpm-luks-reenroll {
+    read -s -p "Password: " PASSWORD
+    export PASSWORD=$PASSWORD
    sudo -E systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme1n1p3
+    unset password
 }
 ```

@@ -259,6 +265,21 @@ tpm-luks-reenroll

 Reboot.

+Or you can create a systemd service which does the reenroll automatically:
+
+```conf
+[Unit]
+Description=Automatically runs systemd-cryptenroll on login
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 --wipe-slot=tpm2 /dev/nvme0n1p3
+Environment=PASSWORD=<password>
+
+[Install]
+WantedBy=multi-user.target
+```
+
 ## RDP with autologin

 https://askubuntu.com/questions/1396745/21-10-make-screen-share-password-permanent
@@ -449,3 +470,14 @@ Icon=/home/ducoterra/.icons/firefox.svg
 Type=Application
 Categories=Browser;
 ```
+
+## Install ffmpegthumbnailer, remove totem
+
+totem-thumbnailer crashes all the time and isn't as good as ffmpeg's thumbnailer.
+What's more, totem video player ("Videos" by default on gnome) is not as good as vlc
+and doesn't work very well for anything more than basic video playback.
+
+```bash
+sudo dnf remove totem
+sudo dnf install ffmpegthumbnailer
+```