install: Add block to config, disable tpm2-luks unless opted-in
#445
Commits on Mar 26, 2024
-
tests: Use
..Default::default()for install configTo make adding a new field not require touching all the tests. Signed-off-by: Colin Walters <walters@verbum.org>
Commits on Apr 2, 2024
-
install: Add
blockto config, disable tpm2-luks unless opted-inThis allows the container image builder more control over `bootc install to-disk` in the installation config. Per discussion in containers#421 this one definitely requires integration by the base image, and not all of them will want it. (Or if the do want LUKS, they may want more control over it) The default value is `block: ["direct"]` which only enables the simple filesystem install. This change allows two different things: `block: []` With this, `bootc install to-disk` will just error out. It's a way to effectively disable it for those that want to use an external installer always. Another possibility is: `block: ["direct", "tpm2-luks"]` To explicitly re-enable the builtin tpm2-luks flow. Or, one could do just `block: ["tpm2-luks"]` to enforce encrypted installs. Signed-off-by: Colin Walters <walters@verbum.org>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.