Hello,
I made additional tests this morning showing that the problem is
related to the secure boot (even when the secure-boot-policy PCR binding
is not used).
- secure boot enabled, no PCR binding (--tpm2-pcrs="" passed to
systemd-cryptenroll) : OK
- secure boot enabled, PCR binding
Hello,
I made a test where I specified an empty field for --tpm2-pcrs instead
of default 7 and the luks partition is decrypted with the tpm.
I also made some test with other PCR values (1, 0) and it fails.
It seems to be related to the PCR binding and linux-image-6.7.7-amd64
since this problem
2 matches
Mail list logo
