
Background and Setup:

  • I have installed a fresh copy of Ubuntu 21.10 on my laptop.
  • Before install I cleared the TPM2.0 module from BIOS and during install I enabled SecureBoot.
  • I selected full disk encryption with LVM.
  • At the first bootup after install I enrolled the MOK with the password I selected during the install procedure.

The problem:
I want to unlock the LUKS2 encrypted system drive with the TPM2.0 module.
This should be supported by the command systemd-cryptenroll from the systemd 248.3 package.
However, when running the command systemd-cryptenroll --tpm2-device=list, the command returns "TPM2 not supported on this build".

Question:
Why do I get this return message, and what can I do to enable the TPM2 support?

Bregell
  • Check https://wiki.archlinux.org/title/Trusted_Platform_Module#systemd-cryptenroll and https://packages.ubuntu.com/search?suite=impish&arch=any&mode=filename&searchon=contents&keywords=cryptenroll . – N0rbert Oct 22 '21 at 06:51
  • Yes these places have guides for how to achieve what I want but it does not solve the problem with the systemd-cryptenroll command. – Bregell Oct 22 '21 at 07:13
  • This bug has been reported on Launchpad: [systemd-cryptenroll does not support TPM2 devices](https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969375) – karel May 28 '22 at 10:11

4 Answers

0

I have the same error message, but the TPM is present.

Check the TPM device is present: dmesg | grep -i tpm

The device name is usually /dev/tpm0. Check it.

Enroll

systemd-cryptenroll --tpm2-device=/dev/tpm0 --tpm2-pcrs=7 </path/to/encrypted/luks/device>

kpod13
  • Are you using the same Ubuntu version? I can also see the TPM module as a device but systemd seems to be compiled without TPM2 support. – Bregell Oct 30 '21 at 13:09
0

Your version of systemd was built without tpm2 support; you have to find a package version that enables this feature or compile it yourself with the option "-Dtpm2=true".
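
Added example (not part of the answer above or of the systemd project): a POSIX shell check that separates the build-time cause described in this answer from a missing TPM device. It assumes `systemctl --version` lists compile-time features as `+NAME`/`-NAME` tokens including `TPM2`; the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether "TPM2 not supported on this build" is a
# build-time problem (systemd) or a device problem (kernel/firmware).

# Constructed sample of `systemctl --version` output, not captured from a real host.
SAMPLE_DISABLED='systemd 248 (constructed-sample)
+PAM +AUDIT -TPM2 +BZIP2 default-hierarchy=unified'

# Print enabled | disabled | unknown for the TPM2 compile-time feature flag.
tpm2_build_flag() {
    for tok in $1; do            # unquoted on purpose: split into flag tokens
        case "$tok" in
            +TPM2) echo enabled;  return 0 ;;
            -TPM2) echo disabled; return 0 ;;
        esac
    done
    echo unknown                 # no TPM2 token in the output
}

# Print the TPM character devices the kernel exposes, one per line.
tpm_device_nodes() {
    for dev in /dev/tpmrm0 /dev/tpm0; do
        [ -c "$dev" ] && echo "$dev"
    done
    return 0
}

# diagnose "<version output>" "<device nodes>": one-line verdict.
diagnose() {
    case "$(tpm2_build_flag "$1"):$2" in
        disabled:*) echo "build: systemd compiled with -TPM2; need a package built with -Dtpm2=true" ;;
        enabled:)   echo "device: systemd has +TPM2 but no /dev/tpm* node; check dmesg and firmware" ;;
        enabled:*)  echo "ok: systemd has +TPM2 and a TPM device node exists" ;;
        *)          echo "unknown: no TPM2 flag in the version output" ;;
    esac
}

diagnose "$SAMPLE_DISABLED" "/dev/tpm0"      # constructed input
# Live check, skipped where systemctl is not installed.
if command -v systemctl >/dev/null 2>&1; then
    diagnose "$(systemctl --version)" "$(tpm_device_nodes)"
fi
```

A "build" verdict with a device node present matches the situation in the question: the kernel sees the TPM, but the packaged systemd cannot use it.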

0

We now have the same issue on 22.04.

There is a corresponding bug report on launchpad: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969375

Hopefully this will be fixed fast.

0

As @pbanhol mentioned, I submitted the bug: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1969375 and it has been fixed in jammy-proposed and jammy-updates.

deanhuff