To fix the issue I removed your patch and added this one: https://github.com/bcarmo-caio/sedutil/commit/5ca6100917a025f6e11ae20838e1e37e7db2d587.patch
Now it compiles flawlessly.
Search Criteria
Package Details: sedutil 1.49.6-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/sedutil.git (read-only, click to copy) |
---|---|
Package Base: | sedutil |
Description: | TCG OPAL 2.00 SED Management Program |
Upstream URL: | https://github.com/Drive-Trust-Alliance/sedutil |
Licenses: | GPL3 |
Submitter: | R00KIE |
Maintainer: | ozz |
Last Packager: | ozz |
Votes: | 45 |
Popularity: | 0.98 |
First Submitted: | 2015-10-18 14:02 (UTC) |
Last Updated: | 2024-12-14 14:43 (UTC) |
Dependencies (8)
- libnvme
- dosfstools (dosfstools-gitAUR) (optional) – to create a bootable PBA disk image
- gptfdisk (gptfdisk-gitAUR) (optional) – to create a bootable PBA disk image
- intel-ucode (intel-ucode-gitAUR, intel-real-ucode-gitAUR) (optional) – microcode update files for Intel CPUs
- mtools (mtools-svnAUR) (optional) – to create a bootable PBA disk image
- parted (parted-gitAUR) (optional) – to create a bootable PBA disk image
- syslinux (optional) – to create a bootable PBA disk image
- yubikey-personalization (yubikey-personalization-gitAUR) (optional) – for yubikey support
Required by (0)
Sources (11)
Latest Comments
« First ‹ Previous 1 2 3 4
darkbasic commented on 2016-12-12 13:16 (UTC) (edited on 2016-12-12 13:16 (UTC) by darkbasic)
darkbasic commented on 2016-12-12 13:09 (UTC)
g++ -m64 -Wall -D_FORTIFY_SOURCE=2 -O2 -c -Werror -I.. -I../../Common -I../../Common/pbdkf2 -std=c++11 -MMD -MP -MF "build/Release_x86_64/GNU-Linux/_ext/5c0/DtaDevOS.o.d" -o build/Release_x86_64/GNU-Linux/_ext/5c0/DtaDevOS.o ../DtaDevOS.cpp
In file included from ../DtaDevLinuxNvme.h:21:0,
from ../DtaDevLinuxNvme.cpp:33:
/usr/lib/modules/4.8.13-1-ARCH/build/include/linux/nvme.h: In function ‘bool nvme_is_write(nvme_command*)’:
/usr/lib/modules/4.8.13-1-ARCH/build/include/linux/nvme.h:858:57: error: ‘unlikely’ was not declared in this scope
if (unlikely(cmd->common.opcode == nvme_fabrics_command))
^
make[2]: *** [nbproject/Makefile-Release_x86_64.mk:184: build/Release_x86_64/GNU-Linux/_ext/5c0/DtaDevLinuxNvme.o] Error 1
make[2]: *** Waiting for unfinished jobs....
In file included from ../DtaDevLinuxNvme.h:21:0,
from ../DtaDevOS.cpp:36:
/usr/lib/modules/4.8.13-1-ARCH/build/include/linux/nvme.h: In function ‘bool nvme_is_write(nvme_command*)’:
/usr/lib/modules/4.8.13-1-ARCH/build/include/linux/nvme.h:858:57: error: ‘unlikely’ was not declared in this scope
if (unlikely(cmd->common.opcode == nvme_fabrics_command))
^
make[2]: *** [nbproject/Makefile-Release_x86_64.mk:194: build/Release_x86_64/GNU-Linux/_ext/5c0/DtaDevOS.o] Error 1
make[2]: Leaving directory '/tmp/yaourt-tmp-niko/aur-sedutil/src/sedutil-1.12/linux/CLI'
make[1]: *** [nbproject/Makefile-Release_x86_64.mk:80: .build-conf] Error 2
make[1]: Leaving directory '/tmp/yaourt-tmp-niko/aur-sedutil/src/sedutil-1.12/linux/CLI'
make: *** [nbproject/Makefile-impl.mk:40: .build-impl] Error 2
linux-headers is installed.
R00KIE commented on 2016-08-27 21:39 (UTC)
To build this package you need to install one of the following:
linux-headers: if you are using Arch's kernel
linux-lts-headers: if you are using Arch's LTS kernel
R00KIE commented on 2016-08-27 21:37 (UTC) (edited on 2016-12-13 14:02 (UTC) by R00KIE)
@jarondl
I was looking into this and I haven't found yet a way to makedepend on either linux-headers or linux-lts-headers. Those are the headers packages for the two kernels in [core], so making it a hard dependency on either of them is not right.
For now I'll make a comment sticky warning that one of them needs to be installed.
jarondl commented on 2016-08-21 01:03 (UTC)
Hi, Could you add a dependency on linux-headers?
Thanks
XG_SiNGH commented on 2016-03-12 19:45 (UTC) (edited on 2016-03-12 19:46 (UTC) by XG_SiNGH)
NEWS: I've created a new article in the Arch Wiki: Self-Encrypting Drives (SED)
https://wiki.archlinux.org/index.php/Self-Encrypting_Drives_(SED)
(note; the link comes out broken here, don't click - copy & paste the whole line)
It specifically covers usage of sedutil.
I've tried making it as complete as I could, but it needs review.
Discuss at this forum thread: https://bbs.archlinux.org/viewtopic.php?pid=1611886
(+ at the article's talk page)
Thanks everyone!
R00KIE commented on 2016-01-31 23:28 (UTC) (edited on 2016-01-31 23:56 (UTC) by R00KIE)
I've been wanting to create a wiki page explaining how all this is setup but haven't gotten around to it yet.
The package installs sedutil, the pba program that is used in the upstream pba images and a few arch specific scripts and configuration files.
You will need to configure your console keymap properly [1] (this was my main motivation, you can pick your own keymap), edit /etc/linuxpba/linuxpba.conf and configure it to your liking (the comments there should explain what each option does), create a keyring file at /etc/linuxpba/keyring.luks and then create the pba images with mklinuxpba-bios.
mklinuxpba-bios calls mklinuxpba-initramfs to generate the initramfs and then mklinuxpba-bios used the current linux and pba initramfs to create the pba image.
I had a draft text file with rough instructions on how to configure the keyring but I can't find it right now :( I'll point you to the pages I've looked into to make this work.
It is the same procedure as described here [2], and for enrolling your yubikey I have done it in a very similar way to this project [3]. In my case I've done all the steps manually (look inside the yubikey-luks-enroll script near the end).
The difference from [2] is that you have to zero your luks device and then echo your admin1 password to the luks device.
You might want to refer to the wiki on how to configure and boot a luks encrypted root with the key on a usb drive as the procedure is the same, specifically this [4]. The options KFNAME, KFSKIP and KFSIZE map to device, offset and size.
If I manage to find the text file with rough instructions I'll drop it here, but I'm afraid I might have to start writing it from scratch.
[1] https://wiki.archlinux.org/index.php/Keyboard_configuration_in_console
[2] https://wiki.gentoo.org/wiki/Custom_Initramfs#Encrypted_keyfile
[3] https://github.com/cornelinux/yubikey-luks
[4] https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#cryptkey
Edit:
I found the file :)
This assumes three keys will be used, one in a sd card, one in a usb flash drive and a yubikey.
truncate -s 1053184 keyring.luks #for luks default config
truncate -s 2068992 keyring.luks #for luks -c aes-xts-plain64 -h sha512 -s 512
Use one of the following two:
cryptsetup --align-payload=1 --use-random --key-file sdcard_luks_key -i 2000 luksFormat keyring.luks
cryptsetup --align-payload=1 --use-random -c aes-xts-plain64 -h sha512 -s 512 --key-file sdcard_luks_key -i 2000 luksFormat keyring.luks
cryptsetup --key-file sdcard_luks_key luksAddKey keyring.luks flash_luks_key
cryptsetup --key-file sdcard_luks_key luksAddKey keyring.luks yubikey_luks_key
cryptsetup --key-file sdcard_luks_key open --type luks keyring.luks keyring
dd if=/dev/zero of=/dev/mapper/keyring
echo your_admin1_password > /dev/mapper/keyring
cryptsetup close keyring
Put your keyring.luks in /etc/linuxpba and run mklinuxpba-bios. Don't forget to test your pba image before committing it to the SSD.
tarm commented on 2016-01-27 08:35 (UTC)
Hey you answered to my request over on SEdutils github page for wanting yubikey support and explained how your custom scripted pba works.
I have compiled the package. But I am not clear on exactly what its going to install?
Is it simply the custom pba image and sedutil program?
The reason I ask is in my specific situation I have to actually flash the pba image from a rescue/bootable flash drive. I can not run the sedutil program from inside the os. Now I have a rescue disk I created from the msed program. I made a few changes so I could add all the pba images. This basically gives me a standalone install utility tool so I can push whatever pba I want directly from the syslinux recovery flash drive.
I understand I need to install the yubikey personalaztion tool package to setup the yubikey for C&R etc of course. But I am not entirely clear on what I have to do to setup the luks locked file with the PWD I am sealing in it? Since I am having to do it from a syslinux busybox setup am I needing to do it from that syslinux setup?
Again thanks for any help you may be able to give me.
R00KIE commented on 2015-12-30 15:41 (UTC)
@crepererum
You are correct. I don't have a UEFI machine to test so I'm not going to claim to support something I can't test properly.
It shouldn't be too hard to adapt the mklinuxpba-bios script for uefi, but like I said it needs proper testing. From what I've been told some (older) firmwares are a bit picky about the uefi partition, there is also the matter of secure boot that I would need to try for myself, at least so that instructions can be put on a wiki page of how to make things work.
You can find bios and uefi images here [1] but I suppose they support only password input and the keyboard layout is set to US.
[1] https://github.com/Drive-Trust-Alliance/exec
crepererum commented on 2015-12-30 14:58 (UTC)
Am I right assuming that this only works for a BIOS-driven boot and not for UEFI boot procedures?
Pinned Comments
R00KIE commented on 2016-08-27 21:39 (UTC)