FICHA · AUR

mkinitcpio-tpm-encrypt

mkinitcpio hook that decrypts a TPM-sealed LUKS keyfile

  • initramfs-hook
  • System
  • SECURITY
  • STORAGE
official+codex · reviewed · Jun 2, 2026 description in en

Description

LUKS keyfiles sealed to a TPM can unlock encrypted storage during early boot. Administrators use this hook when disk access should depend on platform state instead of only manual passphrase entry.

It is a TPM-based disk unlock hook, not a complete encryption policy tool. Recovery keys are essential because TPM changes or hardware replacement can prevent unlock.

Permissions

Permissions not analysed for this source yet.