I installed
tpm2-tools
enrolled the tpm key with
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=yes /dev/nvme0n1p2
added
systemd sd-vconsole sd-encrypt
to HOOKS and did
sudo mkinitcpio -P
my boot loader options look like
rd.luks.name=5d7a5119-36ea-4f1a-b50e-75e295625019=root rd.luks.options=tpm2-device=auto,tpm2-pin=yes root=/dev/mapper/root rw ...
added this line to /etc/crypttab.initramfs
root /dev/nvme0n1p2 - tpm2-device=auto
But when I restart I get asked for
LUKS token PIN
and I don't even know what to type in there.
Then it asks me for the TPM2 PIN and I enter my PIN,
not that it would even matter, because after that it asks me for the LUKS passphrase to encrypt it.
So I don't think that the TPM PIN works right. Can anyone help?
Okay, my first problem seems to be the PCRs: I didn't specify any, so it was 7, which means it checks for Secure Boot.
Because the passphrase was always wrong when I did the cryptenroll, I thought it was because the partition was in use, so I did it in the archiso terminal, which means I turned off Secure Boot for this.
That's why it still asked me for the passphrase at the end. To fix this I just opened a terminal in the lock screen by hitting Ctrl+Alt+F2 to open another where the passphrase worked.
But I still don't know why I get asked for the LUKS2 token PIN. Does anyone know what this is?
Last edited by AxtTom (2023-01-04 16:55:34)
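Added example, not part of the posts above or of any project's code: a small Python audit of the LUKS2 JSON metadata (as printed by `cryptsetup luksDump --dump-json-metadata <device>`) that lists each systemd-tpm2 token with its PCRs and PIN flag, and shows which keyslots remain passphrase-only. The sample metadata is constructed, with placeholder blob and hash values; the function names are hypothetical.

```python
import json

# Constructed sample of `cryptsetup luksDump --dump-json-metadata` output,
# trimmed to the fields read below. Blob and hash values are placeholders.
SAMPLE_METADATA = """{
  "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}},
  "tokens": {"0": {
    "type": "systemd-tpm2", "keyslots": ["1"],
    "tpm2-blob": "PLACEHOLDER", "tpm2-policy-hash": "PLACEHOLDER",
    "tpm2-pcrs": [7], "tpm2-pcr-bank": "sha256",
    "tpm2-primary-alg": "ecc", "tpm2-pin": true
  }}
}"""

def tpm2_tokens(metadata_json):
    """Return one summary dict per systemd-tpm2 token in LUKS2 JSON metadata."""
    meta = json.loads(metadata_json)
    out = []
    for token_id, tok in sorted(meta.get("tokens", {}).items()):
        if tok.get("type") != "systemd-tpm2":
            continue  # skip FIDO2, PKCS#11, recovery and other token types
        out.append({
            "token": token_id,
            "keyslots": tok.get("keyslots", []),
            "pcrs": tok.get("tpm2-pcrs", []),
            "bank": tok.get("tpm2-pcr-bank"),
            "pin": bool(tok.get("tpm2-pin", False)),
        })
    return out

def passphrase_slots(metadata_json):
    """Keyslots no token points at, i.e. unlocked by passphrase or key file."""
    meta = json.loads(metadata_json)
    bound = {s for t in meta.get("tokens", {}).values() for s in t.get("keyslots", [])}
    return sorted(s for s in meta.get("keyslots", {}) if s not in bound)

def report(metadata_json):
    """Human-readable summary lines for the enrolled TPM2 tokens."""
    lines = []
    for t in tpm2_tokens(metadata_json):
        lines.append(f"token {t['token']}: keyslots={t['keyslots']} pcrs={t['pcrs']} bank={t['bank']} pin={t['pin']}")
        if 7 in t["pcrs"]:
            lines.append("  PCR 7 bound: unseal needs the same Secure Boot state as at enrollment")
    lines.append(f"keyslots without a token: {passphrase_slots(metadata_json)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_METADATA)))
```

More than one systemd-tpm2 entry in the output means the device was enrolled more than once; `systemd-cryptenroll --wipe-slot=tpm2` clears the existing TPM2 enrollments before re-enrolling.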