Also forgot to mention how I have setup the RSA keys:
> openssl genrsa -out /etc/systemd/tpm2-pcr-private-key.pem 2048
> openssl rsa -in /etc/systemd/tpm2-pcr-private-key.pem -pubout -out
> /etc/systemd/tpm2-pcr-public-key.pem
and
> echo "add_dracutmodules+=\" tpm2-tss \"" >
I've progressed past this point by upgrading to Fedora 39 Beta which
apparently has a newer ukify version. The issue now though is that
automatic unlock does not work. I need to enter password manually and
I see no errors in console output.
Here's what I did:
> sudo systemd-cryptenroll