Christoph Biedl wrote:
> In case you haven't noticed yet, that was fixed in clevis 15-3 a few
> days ago. There's alreaddy 15-4 which should reach testing in two days.
I've updated the system with clevis tpm2 setup today and all works
fine end to end with 15-4.
Thank you!
Marek
Marek Rusinowski wrote...
> The upstream.work-around-missing-dev-fd-links.patch doesn't
> work for the tpm2 pin yet.
(...)
In case you haven't noticed yet, that was fixed in clevis 15-3 a few
days ago. There's alreaddy 15-4 which should reach testing in two days.
Christoph
signature.asc
Marek Rusinowski wrote...
> To fix, I've simply removed the lines 168-170 in clevis-decrypt-tpm2:
>
> # The on_exit() trap will not be fired after exec, so let's clean up the temp
> # directory at this point.
> [ -d "${TMP}" ] && rm -rf "${TMP}"
>
> because with subprocess the trap will be
Hi Christoph,
The upstream.work-around-missing-dev-fd-links.patch doesn't
work for the tpm2 pin yet.
You replaced exec with a child process but in this case the on_exit trap
continues to run and the decryption with tpm2 pin will always fail with
Delete temporary files failed!
You need to clean
Control: tags 968518 confirmed pending
Nicolas Bourdaud wrote...
> This is of course not a proper fix. I think the fix should be done
> either in initramfs-tools init-* scripts either in systemd/udev itself.
> In my case, I can say for sure the clevis-decrypt worked in July. I
> don't know which
I am facing the same issue (I use clevis with TPM in my case)
> When running the unmodified scripts on a completely booted system, they work.
> So it seems that the '< <(...)' mechanism fails only in initrd (no idea why).
After a slightly deeper inspection, the issue is that initramfs scripts
are
Package: clevis
Version: 13-2
Severity: normal
Dear Maintainer,
* What led up to the situation?
I set up a new system with encrypted root device. I set up a tang server. I
set up "clevis luks bind ..." and everything else according to the book. When I
rebooted, I had to enter the password to
7 matches
Mail list logo