Public bug reported: systemd-cryptenroll can make use of tpm2 modules to bind against secure boot pcrs and enable auto unlocking of luks devices.
Following the instructions here: https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll the following commands fail on ubuntu jammy (5.15.0-25-generic) root@testbox:~# systemd-cryptenroll --tpm2-device=list TPM2 not supported on this build. root@testbox:~# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sda3 🔐 Please enter current passphrase for disk /dev/sda3: *************** root@testbox:~# echo $? 1 It appears that this issue has been resolved in the debian build for systemd here: https://salsa.debian.org/systemd- team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8 Can we get the same modifications to the Jammy systemd build? ** Affects: systemd (Ubuntu) Importance: Undecided Status: New ** Tags: luks systemd tpm2 ** Package changed: linux (Ubuntu) => systemd (Ubuntu) ** Description changed: systemd-cryptenroll can make use of tpm2 modules to bind against secure - boot pcrs an enable auto unlocking of luks devices. + boot pcrs and enable auto unlocking of luks devices. - Following the instructions here: + Following the instructions here: https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll the following commands fail on ubuntu jammy (5.15.0-25-generic) root@testbox:~# systemd-cryptenroll --tpm2-device=list TPM2 not supported on this build. root@testbox:~# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sda3 🔐 Please enter current passphrase for disk /dev/sda3: *************** root@testbox:~# echo $? 1 It appears that this issue has been resolved in the debian build for systemd here: https://salsa.debian.org/systemd- team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8 Can we get the same modifications to the Jammy systemd build? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1969375 Title: systemd-cryptenroll does not support TPM2 devices Status in systemd package in Ubuntu: New Bug description: systemd-cryptenroll can make use of tpm2 modules to bind against secure boot pcrs and enable auto unlocking of luks devices. Following the instructions here: https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll the following commands fail on ubuntu jammy (5.15.0-25-generic) root@testbox:~# systemd-cryptenroll --tpm2-device=list TPM2 not supported on this build. root@testbox:~# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/sda3 🔐 Please enter current passphrase for disk /dev/sda3: *************** root@testbox:~# echo $? 1 It appears that this issue has been resolved in the debian build for systemd here: https://salsa.debian.org/systemd- team/systemd/-/commit/6b5e99f1d7f63c0c83007de9f98f7745f4a564f8 Can we get the same modifications to the Jammy systemd build? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969375/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp