[Bug 1969375] Re: systemd-cryptenroll does not support TPM2 devices
Patrick Banholzer
1969375 at bugs.launchpad.net
Tue May 24 14:22:00 UTC 2022
This seems to be a really easy fix in the rules file.
Patch for version systemd_249.11-0ubuntu3:
# diff -Naur rules.old rules.new
--- rules.old 2022-03-08 14:53:55.000000000 +0100
+++ rules.new 2022-05-24 16:17:07.548254564 +0200
@@ -84,7 +84,7 @@
-Dfdisk=false \
-Dpwquality=false \
-Dp11kit=false \
- -Dtpm2=false \
+ -Dtpm2=true \
-Doomd=true \
-Dsysext=true \
-Dnscd=true \
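Review bot: the changed line sets -Dtpm2=true, but the patch touches only the rules file. With a hard "true", meson's configure step fails unless the tpm2-tss development files are present in the build environment. The matching Build-Depends entry in debian/control therefore belongs in the same change. After the rebuild, confirm that "systemd-cryptenroll --tpm2-device=list" no longer prints "TPM2 not supported on this build."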
--
https://bugs.launchpad.net/bugs/1969375
Title:
systemd-cryptenroll does not support TPM2 devices
Status in systemd package in Ubuntu:
Confirmed
Bug description:
systemd-cryptenroll can make use of TPM2 modules to bind against
Secure Boot PCRs and enable auto-unlocking of LUKS devices.
Following the instructions here:
https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll
the following commands fail on Ubuntu Jammy (5.15.0-25-generic):
root@testbox:~# systemd-cryptenroll --tpm2-device=list
TPM2 not supported on this build.
root@testbox:~# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sda3
🔐 Please enter current passphrase for disk /dev/sda3: ***************
root@testbox:~# echo $?
1
It appears that this issue has been resolved in the Debian build for
systemd here:
https://salsa.debian.org/systemd-team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8
Can we get the same modifications to the Jammy systemd build?