[Bug 1980018] Re: Cryptsetup-initramfs cant deal with tpm2-device option

[W McElderry]

Hi All,

This has been (rightly) divided in to two issues in launchpad, but I
addressed it as one in my scripts.  I've published them at:

https://github.com/wmcelderry/systemd_with_tpm2

I went all out to get this working a bit ago, I was in my final phase of
testing when I ran out of time, so this may only be 90% of the way there
- i.e. forgive/expect typos!


If you can successfully use cryptenroll with tpm2 then I suspect the bits you need for this to work are in the 'patches' directory of that repo.

If you cannot, then you may have joy using the full install.sh script
from a fresh install of 22.04

Let me know how you get on & Good luck!

Will.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1980018

Title:
  Cryptsetup-initramfs cant deal with tpm2-device option

Status in cryptsetup package in Ubuntu:
  Confirmed

Bug description:
  In order to boot an encrypted system and autounlock with tpm2, the
  tpm2-device= option must be specified in  /etc/crypttab. This works
  for non-root filesystems for some reason, but when applied to root
  filesystems it doesnt. Tested working on both arch and fedora, so the
  method is good, something is off in the background.


  root at test:~# update-initramfs -u
  update-initramfs: Generating /boot/initrd.img-5.15.0-40-generic
  cryptsetup: WARNING: sda3_crypt: ignoring unknown option 'tpm2-device'

  
  Manually adding it to  /lib/cryptsetup/functions produces this

  root at test:~# update-initramfs -u
  update-initramfs: Generating /boot/initrd.img-5.15.0-40-generic
  /usr/share/initramfs-tools/hooks/cryptroot: 1: eval: CRYPTTAB_OPTION_tpm2-device=auto: not found

  
  That file belongs to cryptsetup-initramfs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1980018/+subscriptions