
#1 2025-09-24 08:49:25

JacoNIX97
Member
Registered: 2017-02-14
Posts: 24

TPM2 pin unlock stopped working

Hi everyone. I have my system configured to unlock my LUKS-encrypted drive with the TPM2 provided by my CPU (i5-6300U on a ThinkPad T460). I recently changed the keys to unlock LUKS, removed the old token and its related key, and enrolled a new one on the TPM. This continued working for a day; now it has just stopped. I get prompted for the PIN, but the unlock falls back to the LUKS key. The TPM is configured to use registers 7 and 11. I tried removing all keys but one in the LUKS header, resetting the TPM, and enrolling the secure boot keys and LUKS PIN again, but to no avail. As of now LUKS has two keys (one is mine, the other is for the TPM), one token for the TPM and nothing more. I also tried downgrading the kernel as a blind shot, but it didn't work. Also, I'm on systemd 257, as my UEFI cannot boot with the new version because the firmware is old (2016).
Any help will be much appreciated.
