FICHA · AUR

mkinitcpio-tpm2-encrypt

mkinitcpio hook that decrypts a TPM2-sealed LUKS keyfile

  • initramfs-hook
  • System
  • SECURITY
  • STORAGE
official+codex · reviewed · Jun 2, 2026 description in en

Description

LUKS keyfiles sealed to TPM2 hardware can unlock encrypted storage during early boot. Administrators use this hook when TPM2 policy should help protect disk access before the main system starts.

It is a TPM2 unlock hook, not a backup or recovery solution. Firmware updates, PCR changes, or hardware replacement can break unlock unless recovery keys are available.

Permissions

Permissions not analysed for this source yet.