
Ubuntu 20.04 clevis-luks setup auto unlocking not working

5 votes
1 answer
5212 views
I have an Ubuntu 20.04 machine setup that I am trying to configure for disk encryption. I am trying to set up auto unlock, but my configuration has not worked so far, and I am always prompted for a password. To do this I followed the following steps:

1. sudo apt-get update and sudo apt-get install cryptsetup
2. Check /dev/nvme0n1p3 -> sudo cryptsetup luksDump /dev/nvme0n1p3 -> No Tokens or Keyslots
3. Install clevis, clevis-luks, clevis-dracut, clevis-udisks2, clevis-systemd, clevis-tpm2
4. sudo clevis luks list -d /dev/nvme0n1p3 -> Empty
5. echo | sudo clevis luks bind -d /dev/nvme0n1p3 tpm2 '{ "pcr_bank":"sha256", "pcr_ids": "7,11" }'
6. sudo dracut -fv --regenerate-all
7. Check sudo clevis luks list -d /dev/nvme0n1p3 -> 1: tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha256","pcr_ids":"7,11"}'
8. lsblk -o NAME,UUID,MOUNTPOINT ->
├─nvme0n1p1                                               /boot/efi
├─nvme0n1p2                    /boot
└─nvme0n1p3                    
  └─dm_crypt-0               
    └─ubuntu--vg-ubuntu--lv    /
9. cat /etc/crypttab -> dm_crypt-0 UUID= none luks

When booting I do not notice any errors for cryptsetup, luks, tpm2. Googling around and checking others' questions, I have also verified/tried:

1. sudo systemctl enable clevis-luks-askpass.path
2. update-initramfs -c -k all -> Runs successfully

My fstab file doesn't actually list the encrypted partition: cat /etc/fstab ->
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#                
# / was on /dev/ubuntu-vg/ubuntu-lv during curtin installation
/dev/disk/by-id/ / ext4 defaults 0 1
# /boot was on /dev/nvme0n1p2 during curtin installation
/dev/disk/by-uuid/ /boot ext4 defaults 0 1
# /boot/efi was on /dev/nvme0n1p1 during curtin installation
/dev/disk/by-uuid/ /boot/efi vfat defaults 0 1
/swap.img	none	swap	sw	0	0
I've also tried manually adding the partition to fstab, but that did not work. No matter what I try, it always asks for a password on boot. What could I do to fix this?
Asked by Niru (161 rep)
Jun 3, 2022, 12:10 AM
Last activity: Jun 6, 2022, 11:10 PM
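
Two things the steps in the question do not verify are whether the PCRs named in the binding (7 and 11) still hold the values they had at bind time, and whether the clevis TPM2 unlocker is inside the boot image. The following is an added example, not part of the original post: it runs those checks offline over saved text, assuming captures from `tpm2_pcrread` and an initramfs file listing such as `lsinitramfs` prints, with all sample data constructed and the function names hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data below is constructed.

# PCR ids from one line of `clevis luks list` output, one id per line.
binding_pcrs() {
    printf '%s\n' "$1" | sed -n 's/.*"pcr_ids":"\([0-9,]*\)".*/\1/p' | tr ',' '\n'
}

# Value of PCR $1 in a saved `tpm2_pcrread` capture $2 (assumed lines like "  7 : 0xAB..").
pcr_value() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*0x\([0-9A-Fa-f]*\).*/\1/p"
}

# Print the bound PCRs whose value differs between two captures.
# The TPM releases the sealed key only if every bound PCR matches its bind-time value.
drifted_pcrs() {  # $1 binding line, $2 capture at bind time, $3 capture now
    for id in $(binding_pcrs "$1"); do
        [ "$(pcr_value "$id" "$2")" = "$(pcr_value "$id" "$3")" ] || printf '%s\n' "$id"
    done
}

# Succeed if an initramfs file listing on stdin includes the clevis TPM2 unlocker.
initramfs_has_clevis() {
    grep -q 'clevis-decrypt-tpm2'
}

# Constructed samples: binding line as shown in step 7, shortened PCR values, a listing.
BINDING="1: tpm2 '{\"hash\":\"sha256\",\"key\":\"ecc\",\"pcr_bank\":\"sha256\",\"pcr_ids\":\"7,11\"}'"
AT_BIND='sha256:
  7 : 0xAAAA
  11: 0x0000'
NOW='sha256:
  7 : 0xAAAA
  11: 0xBBBB'
LISTING='usr/bin/cryptsetup
scripts/local-top/cryptroot'

echo "bound PCRs:   $(binding_pcrs "$BINDING" | tr '\n' ' ')"
echo "drifted PCRs: $(drifted_pcrs "$BINDING" "$AT_BIND" "$NOW" | tr '\n' ' ')"
if printf '%s\n' "$LISTING" | initramfs_has_clevis; then
    echo "initramfs: clevis TPM2 unlocker present"
else
    echo "initramfs: no clevis TPM2 unlocker, boot falls back to the passphrase prompt"
fi
```

On a real system the two captures would come from running `tpm2_pcrread sha256:7,11` right after binding and again after a reboot, and the listing from the initramfs of the running kernel.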