-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-9.5
-
None
-
systemd-252-50.el9
-
No
-
Low
-
rhel-plumbers
-
ssg_core_services
-
3
-
26
-
1
-
False
-
False
-
-
None
-
None
-
None
What were you trying to do that didn't work?
If I try to create a LUKS partition with systemd-repart, it will not work because it always expects a public key. When trusting only the TPM internal PCRs, there is no need to provide any public key. A patch has been already pushed upstream: https://github.com/systemd/systemd/pull/29596/commits/afeb49a4eccac92e43b6359a5d4269ba85320185 and it is a super tiny fix.
It would be nice to get this fix backported in systemd-repart.
Please provide the package NVR for which bug is seen:
systemd 252 (252-38.el9)
How reproducible:
always
Steps to reproduce
- ensure you have free space in the partition, and no partition of type "linux-generic"
- mkdir /etc/repart.d
echo -n "[Partition]
Type=linux-generic
Format=ext4
Encrypt=tpm2
MakeDirectories=/work /upper" > /etc/repart.d/encr.conf - systemd-repart --dry-run=no --no-pager --definitions=/etc/repart.d --tpm2-device=auto --tpm2-pcrs=0
Expected results
Partition is created successfully
Actual results
Could not calculate sealing policy digest: Operation not supported Failed to encrypt device: Operation not supported
- links to
-
RHBA-2024:138835
systemd bug fix and enhancement update
