Hi guys, I'm trying to build my home server with two encrypted disks and I'm experiencing some issues.
The first disk is an NVMe and it has three partitions, where the third partition (nvme0n1p3) is the encrypted root, formatted in BTRFS, with the FSCK parameter in FSTAB set to 0.
The second disk is an HDD with one encrypted backup partition (sda1), mounted in /backup and formatted in BTRFS, with the FSCK parameter in FSTAB set to 0.
I'm using systemd-boot with sd-encrypt hooks (not encrypt hooks) and the default entry is the one below:
/boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options root=/dev/mapper/root backup=/dev/mapper/backup rd.luks.name=Encrypted root partition UUID=root rd.luks.options=tpm2-device=auto,password-echo=masked rd.luks.name=Encrypted backup partition UUID=backup
I have also tried without
backup=/dev/mapper/backup
but nothing changed.
I have bound the partitions to the TPM using
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+1+2+3+5+7+15 /dev/nvme0n1p3
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+1+2+3+5+7+15 /dev/sda1
When I turn on my PC it asks for the passphrase for the backup partition (sda1), and some seconds after entering it I get these errors:
[OK] Finished Cryptography Setup for backup.
[FAILED] Failed to start Cryptography Setup for root.
See 'systemctl status systemd-cryptsetup@root.service' for details.
[DEPEND] Dependency failed for /dev/mapper/root.
[DEPEND] Dependency failed for /sysroot.
[DEPEND] Dependency failed for Initrd Root File System.
[DEPEND] Dependency failed for Mountpoints Configured in the Real Root.
[DEPEND] Dependency failed for Initrd Root Device.
[DEPEND] Dependency failed for File System Check on /dev/mapper/root.
[DEPEND] Dependency failed for Local Encrypted Volumes.
[OK] Reached target Initrd File Systems.
Stopping Dispatch Password Requests to Console...
[OK] Stopped Dispatch Password Requests to Console.
[OK] Stopped Dispatch Password Requests to Console Directory Watch.
[OK] Started Emergency Shell.
[OK] Reached target Emergency Mode.
You are in emergency mode. After logging in, type "journalctl -b" to view system logs, "systemctl reboot" to reboot, or "exit" to continue bootup.
Cannot open access to console, the root account is locked.
See sulogin(8) man page for more details.
Press Enter to continue.
I hope I have said everything needed to get help; in case I missed something, please let me know.
Thanks to everyone who will help me.
Last edited by OpenDuck (2026-02-08 14:10:51)
[SOLUTION]
For everyone who will need help with the same thing: I solved it by removing the tpm2-device=auto option from the arch.conf file, leaving the file like below:
/boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options root=/dev/mapper/root rd.luks.name=Encrypted Root Partition UUID=root rd.luks.name=Encrypted Backup Partition UUID=backup rd.luks.options=password-echo=masked
and creating the file below
/etc/crypttab.initramfs
root UUID=Encrypted Root Partition UUID none tpm2-device=auto
backup UUID=Encrypted Backup Partition UUID none tpm2-device=auto
After binding the partitions to the TPM with
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+1+2+3+5+7+15 /dev/nvme0n1p3
sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+1+2+3+5+7+15 /dev/sda1
everything worked correctly.
https://wiki.archlinux.org/title/Dm-cry … FIDO2_keys
Last edited by OpenDuck (2026-02-08 14:10:07)
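Added example, not part of OpenDuck's posts and not systemd code: a small helper that turns the rd.luks.name= / rd.luks.options= parameters of a loader entry into the equivalent /etc/crypttab.initramfs lines, so you can see which options each volume ends up with. It follows the documented systemd-cryptsetup-generator rule that rd.luks.options= without a UUID prefix applies to every volume that has no UUID-scoped entry of its own. The UUIDs and function names are constructed for illustration.

```python
# Added example: translate rd.luks.* kernel parameters into crypttab lines.
# The UUIDs below are constructed placeholders, not values from the thread.
import shlex
import uuid

ROOT_UUID = "11111111-2222-3333-4444-555555555555"    # constructed
BACKUP_UUID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed

def _is_uuid(text):
    """True if text parses as a UUID (option names like tpm2-device do not)."""
    try:
        uuid.UUID(text)
        return True
    except ValueError:
        return False

def cmdline_to_crypttab(options_line):
    """Return crypttab lines equivalent to the rd.luks.* parameters given."""
    names = {}          # LUKS UUID -> mapper name, in order of appearance
    scoped = {}         # LUKS UUID -> options from rd.luks.options=UUID=...
    default_opts = ""   # options given without a UUID prefix
    for param in shlex.split(options_line):
        key, _, value = param.partition("=")
        if key == "rd.luks.name":
            luks_uuid, _, name = value.partition("=")
            names[luks_uuid] = name
        elif key == "rd.luks.options":
            head, sep, rest = value.partition("=")
            if sep and _is_uuid(head):
                scoped[head] = rest          # applies to this volume only
            else:
                default_opts = value         # applies to unscoped volumes
    lines = []
    for luks_uuid, name in names.items():
        opts = scoped.get(luks_uuid, default_opts)
        lines.append(f"{name} UUID={luks_uuid} none {opts}".rstrip())
    return lines

def tpm2_volumes(options_line):
    """Names of volumes whose effective options request TPM2 unlocking."""
    return [line.split()[0] for line in cmdline_to_crypttab(options_line)
            if "tpm2-device=" in line]

if __name__ == "__main__":
    # Same shape as the first arch.conf options line, with constructed UUIDs.
    entry = (f"root=/dev/mapper/root rd.luks.name={ROOT_UUID}=root "
             "rd.luks.options=tpm2-device=auto,password-echo=masked "
             f"rd.luks.name={BACKUP_UUID}=backup")
    print("\n".join(cmdline_to_crypttab(entry)))
```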