
#1 2026-02-19 07:34:10

alba4k
Member
From: Switzerland
Registered: 2021-12-05
Posts: 117
Website

[SOLVED] Prompted for LUKS Password despite TPM2

A couple of days ago, seemingly out of the blue, my laptop started asking for a password on every boot (I'm using UKIs, generated by mkinitcpio, and secure boot).

I've tried the following:
- Re-enrolling the TPM with systemd-cryptenroll, binding it to only PCR7 and only PCR0, both to no avail
- Checking whether something messed with my mkinitcpio.conf or kernel arguments, but they seem fine
- Adding the TPM driver as early load in mkinitcpio.conf
- Checking whether something was changing in systemd-analyze pcrs

Kernel cmdline:

rd.luks.name=65122208-30dd-4061-b3d3-be44937ebbf4=luks root=/dev/mapper/luks rootflags=subvol=@ rd.luks.options=tpm2-device=auto,discard rw splash quiet loglevel=0 plymouth.boot-log=/dev/null notwatchdog

Relevant mkinitcpio.conf:

MODULES=(i915 btrfs tpm tpm_tis tpm_crb)

HOOKS=(systemd autodetect microcode kms plymouth keyboard modconf block sd-encrypt filesystems)

Full journal: http://0x0.st/PupB.txt
The only thing I found in here that seems relevant is:

feb 19 07:52:12 dell-xps systemd[1]: Condition check resulted in /dev/tpmrm0 being skipped.
feb 19 07:52:12 dell-xps systemd[1]: Expecting device /dev/tpm0...
feb 19 07:52:13 dell-xps systemd[1]: Condition check resulted in /dev/tpm0 being skipped.
feb 19 07:52:13 dell-xps systemd-pcrextend[612]: WARNING:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:345:Esys_NV_DefineSpace_Finish() Received TPM Error
feb 19 07:52:14 dell-xps systemd[1]: Finished TPM NvPCR Product ID Measurement.
feb 19 07:52:15 dell-xps systemd-tpm2-setup[615]: WARNING:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:345:Esys_NV_DefineSpace_Finish() Received TPM Error
feb 19 07:52:15 dell-xps systemd-tpm2-setup[615]: ERROR:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:121:Esys_NV_DefineSpace() Esys Finish ErrorCode (0x0000014c)
feb 19 07:52:15 dell-xps systemd-tpm2-setup[615]: 1 NvPCRs initialized. (1 NvPCRs were already initialized.)

Everything seems fine, yet I'm still being prompted for a password.

Last edited by alba4k (2026-02-19 10:46:26)

Offline

#2 2026-02-19 10:38:49

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 73,194

Re: [SOLVED] Prompted for LUKS Password despite TPM2

Does it help to specify the uuid, https://wiki.archlinux.org/title/Dm-cry … ks.options ?

Offline

#3 2026-02-19 10:46:02

alba4k
Member
From: Switzerland
Registered: 2021-12-05
Posts: 117
Website

Re: [SOLVED] Prompted for LUKS Password despite TPM2

Sorry for wasting your time, I forgot to update the post. The issue was that I had flagged the partition as linux-home; systemd was trying to automount it as home and thus trying to unlock it twice, after the kernel had already mounted it as root (when the TPM had already been used, and thus failing).

Offline
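
As an added example (not part of any post in this thread), the script below checks for the condition described in post #3: a LUKS partition whose GPT type is "Linux home" and which is also named on the kernel command line, so it gets a second unlock attempt. The function name `check_partitions` and the sample device names are constructed; the UUID and command line come from post #1, the type GUID is the "Linux home" value from the Discoverable Partitions Specification, and the input is assumed to have the shape of `lsblk -P` output.

```shell
#!/bin/sh
# Added example (not from the thread): find LUKS partitions that would be
# unlocked twice, once via rd.luks.name=/rd.luks.uuid= and once more because
# their GPT type is "Linux home" (picked up by systemd-gpt-auto-generator).

HOME_TYPE="933ac7e1-2eb4-4f13-b844-0e14e2aef915"  # GPT type GUID: Linux home

# Constructed sample standing in for: lsblk -P -o NAME,UUID,PARTTYPE,FSTYPE
SAMPLE_LSBLK='NAME="nvme0n1p1" UUID="AAAA-BBBB" PARTTYPE="c12a7328-f81f-11d2-ba4b-00a0c93ec93b" FSTYPE="vfat"
NAME="nvme0n1p2" UUID="65122208-30dd-4061-b3d3-be44937ebbf4" PARTTYPE="933AC7E1-2EB4-4F13-B844-0E14E2AEF915" FSTYPE="crypto_LUKS"
NAME="nvme0n1p3" UUID="11111111-2222-3333-4444-555555555555" PARTTYPE="ca7d7ccb-63ed-4c53-861c-1742536059cc" FSTYPE="crypto_LUKS"'

# Relevant part of the kernel command line from post #1
SAMPLE_CMDLINE='rd.luks.name=65122208-30dd-4061-b3d3-be44937ebbf4=luks root=/dev/mapper/luks rd.luks.options=tpm2-device=auto,discard rw'

# check_partitions LSBLK_TEXT CMDLINE
# Prints one line per LUKS partition typed as Linux home:
#   "<name> double-unlock"  UUID is also named on the kernel command line
#   "<name> home-auto"      only the auto-discovered /home unlock applies
check_partitions() {
  printf '%s\n' "$1" | awk -v home="$HOME_TYPE" -v cmdline="$2" '
    {
      split("", f)                       # reset per-line field map
      for (i = 1; i <= NF; i++) {        # columns used here contain no spaces
        split($i, kv, "=")
        gsub(/"/, "", kv[2])
        f[kv[1]] = kv[2]
      }
      if (f["FSTYPE"] != "crypto_LUKS" || tolower(f["PARTTYPE"]) != home) next
      named = index(cmdline, "rd.luks.name=" f["UUID"] "=") ||
              index(cmdline, "rd.luks.uuid=" f["UUID"])
      print f["NAME"], (named ? "double-unlock" : "home-auto")
    }'
}

# Default run uses the constructed sample; pass --live to inspect this machine.
if [ "${1:-}" = "--live" ]; then
  check_partitions "$(lsblk -P -o NAME,UUID,PARTTYPE,FSTYPE)" "$(cat /proc/cmdline)"
else
  check_partitions "$SAMPLE_LSBLK" "$SAMPLE_CMDLINE"
fi
```

A `double-unlock` line means the same LUKS volume is opened once through the kernel command line and is then also a candidate for automatic /home discovery.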
