Hi guys.
Is this a misbehavior of some sorts? I encrypt:
-> $ systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7
/dev/nvme0n1p3
but unless there is only one keyslot (my even have any ID)
or perhaps if it was first - but have not tired it - then
'cryptset' does not open the device @boot.
From what I understand 'cryptsetup' tires all keyslots. I
was thinking of 'timeout' but cryptsetup does not report any
such issues, simply boot stops, waiting for a passphrase.
I other words: I need to remove all keyslots, old ones,
enrolled in the past for which TPMs do not exists any more,
except for the one I know is valid, only then system boots
with TPM, not passphrase.
any thoughts much appreciated.
many thanks, L.
_______________________________________________
Discuss mailing list -- [email protected]
To unsubscribe send an email to [email protected]
