Hello, "Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make /home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when using systemd-homed for user home directories.
I'd like to try that but… how? I can use systemd-cryptenroll to make a encrypted volume with a TPM key, but how do I make a dm-integrity volume with a TPM key? I've gone through the manpage for integritysetup and did a few unsuccessful google searches, but I've not found any answer. I'd appreciate some pointers into the right direction. Cheers, Basti [1]:https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
