[Bug 1980018] Re: Cryptsetup-initramfs can't deal with tpm2-device option
W McElderry
1980018 at bugs.launchpad.net
Tue Aug 30 15:15:44 UTC 2022
I see that @gmazyland was saying there are two ways to implement this
and neither is 'cryptsetup'.
Having got it working, my solution requires modification to two files
which are packaged in `cryptsetup` and `cryptsetup-initramfs` in Ubuntu,
and adding one file to `/etc/initramfs-tools/hooks` (or the platform
equivalent location).
I've generated minimal patches of what needs doing in my repo under the 'patches' directory.
https://github.com/wmcelderry/systemd_with_tpm2/tree/main/patches
and the extra hook script is under 'scripts':
https://github.com/wmcelderry/systemd_with_tpm2/tree/main/scripts
I'm not claiming these are the best way to implement the solution, but it makes it very clear what I have done to get it working.
If there's a better way to implement this, I'd love to hear your
thoughts and integrate it.
https://bugs.launchpad.net/bugs/1980018
Title:
Cryptsetup-initramfs can't deal with tpm2-device option
Status in cryptsetup package in Ubuntu:
Confirmed
Bug description:
In order to boot an encrypted system and autounlock with tpm2, the
tpm2-device= option must be specified in /etc/crypttab. This works
for non-root filesystems for some reason, but when applied to root
filesystems it doesn't. Tested working on both Arch and Fedora, so the
method is good, something is off in the background.
root@test:~# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.15.0-40-generic
cryptsetup: WARNING: sda3_crypt: ignoring unknown option 'tpm2-device'
Manually adding it to /lib/cryptsetup/functions produces this:
root@test:~# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-5.15.0-40-generic
/usr/share/initramfs-tools/hooks/cryptroot: 1: eval: CRYPTTAB_OPTION_tpm2-device=auto: not found
That file belongs to cryptsetup-initramfs.
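
The `eval: CRYPTTAB_OPTION_tpm2-device=auto: not found` message above is what a POSIX shell reports when an option name containing a hyphen is turned directly into a variable name. The sketch below is an added example, not code from cryptsetup or from the patches linked in this message; the function names `set_option_naive` and `set_option_safe` are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not cryptsetup's own.

# Naive: build the variable name straight from the option name.
# "CRYPTTAB_OPTION_tpm2-device=auto" is not a valid assignment because '-'
# is illegal in a shell variable name, so the shell treats the whole word
# as a command name and fails with "not found" (exit status 127).
# The subshell keeps the failed eval from affecting the caller.
set_option_naive() {
    ( eval "CRYPTTAB_OPTION_$1=$2" ) 2>&1
}

# Safer: allow-list the characters of the option name, map '-' to '_',
# and let eval see only "$val" so the value is never re-parsed as code.
set_option_safe() {
    opt=$1
    val=$2
    case $opt in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;   # reject unexpected characters
    esac
    name=CRYPTTAB_OPTION_$(printf '%s' "$opt" | tr - _)
    eval "$name=\$val"
}

# Demo with constructed input matching the option from the bug report.
set_option_naive tpm2-device auto || echo "naive: exit status $?"
set_option_safe tpm2-device auto &&
    echo "safe: CRYPTTAB_OPTION_tpm2_device=$CRYPTTAB_OPTION_tpm2_device"
```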