I can confirm the following steps work on a fresh install of 21.10 to enroll a TPM 2.0 for use with a LUKS encrypted partition, but do not work on 22.04:

apt install clevis clevis-tpm2 clevis-luks clevis-udisks2 clevis-systemd clevis-initramfs
udevadm trigger
clevis luks bind -d /dev/sda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,7"}'
update-initramfs -u -k 'all'

The command starting with "clevis" fails with the following under a fresh install of 22.04:

root@svdivr-9999:/var/log/installer# clevis luks bind -d /dev/sda3 tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,7"}'
Enter existing LUKS password:
No key available with this passphrase.
Enter existing LUKS password:
Warning: Value 512 is outside of the allowed entropy range, adjusting it.
ERROR:esys_crypto:src/tss2-esys/esys_crypto_ossl.c:327:iesys_cryptossl_hmac_start() ErrorCode (0x00070001) EVP_PKEY_new_mac_key
ERROR:esys_crypto:src/tss2-esys/esys_crypto.c:185:iesys_crypto_authHmac() Error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1244:iesys_compute_hmac() HMAC error ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/esys_iutil.c:1354:iesys_gen_auths() Error while computing hmacs ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:244:Esys_CreatePrimary_Async() Error in computation of auth values ErrorCode (0x00070001)
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:110:Esys_CreatePrimary() Error in async function ErrorCode (0x00070001)
ERROR: Esys_CreatePrimary(0x70001) - esapi:Catch all for all errors not otherwise specified
ERROR: Unable to run tpm2_createprimary
Creating TPM2 primary key failed!
Invalid input!

Usage: jose jwe fmt -i JWE [-I CT] [-o JWE] [-O CT] [-c]

Converts a JWE between serialization formats

  -i JSON --input=JSON     Parse JWE from JSON
  -i FILE --input=FILE     Read JWE from FILE
  -i -    --input=-        Read JWE from standard input

  -I FILE --detached=FILE  Read decoded ciphertext from FILE
  -I -    --detached=-     Read decoded ciphertext from standard input

  -o JSON --output=JSON    Parse JWE from JSON
  -o FILE --output=FILE    Read JWE from FILE
  -o -    --output=-       Read JWE from standard input
                           Default: "-"

  -O JSON --detach=JSON    Parse JWE from JSON
  -O FILE --detach=FILE    Read JWE from FILE
  -O -    --detach=-       Read JWE from standard input

  -c      --compact        Output JWE using compact serialization

Failed to import token from file.
Error saving metadata to LUKS2 header in device /dev/sda3
Unable to update metadata; operation cancelled
Error adding new binding to /dev/sda3

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961758

Title:
  Fail to run tpm2 command under ubuntu server 22.04