Don't force secure boot measurement for TPM disk encryption

Raphael Dannecker 2026-01-26 09:54:56 +01:00
parent 46c34fe0b5
commit b0c45eef59


@ -32,7 +32,7 @@
cmd: > cmd: >
systemd-run -P --wait systemd-run -P --wait
-p SetCredential=cryptenroll.passphrase:{{ encrypt_passphrase | default(encrypt_passphrase_initial) }} -p SetCredential=cryptenroll.passphrase:{{ encrypt_passphrase | default(encrypt_passphrase_initial) }}
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 {{ encrypt_device }} --wipe-slot=tpm2 systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs="" {{ encrypt_device }} --wipe-slot=tpm2
no_log: true no_log: true
when: "'tpm2' not in encrypt_slots_result.stdout" when: "'tpm2' not in encrypt_slots_result.stdout"
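Review bot: The new `systemd-cryptenroll` call passes `--tpm2-pcrs=""`, which seals the LUKS key with no PCR binding at all. Unless a PIN or a signed PCR policy is configured elsewhere (nothing in this hunk shows one), the TPM will release the key on this machine whatever the Secure Boot state or boot chain, so the encryption mainly protects against the disk being removed from the host. Dropping PCR 7 avoids re-enrolment after firmware or Secure Boot key changes, but that trade-off should be an explicit per-host choice rather than a hard-coded default: consider `--tpm2-pcrs={{ encrypt_tpm2_pcrs | default('7') }}` (the variable name is only a suggestion), and have hosts that opt out of PCRs use `--tpm2-with-pin=yes` or a signed policy via `--tpm2-public-key=` instead. At minimum, add a comment above the task such as `# TPM2 slot is not bound to any PCR: unlocking does not depend on measured boot state`. The task starts above the hunk, so its name and module are not visible here.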