Hi guys.
Is this a misbehavior of some sort? I encrypt:
-> $ systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/nvme0n1p3
but unless there is only one keyslot (may even have any ID)
or perhaps if it was first - but have not tried it - then
'cryptsetup' does not open the device @boot.
From what I understand 'cryptsetup' tries all keyslots - no
matter if the TPM provider/device is absent - I was thinking of
'timeout' but cryptsetup does not report any such issues,
simply boot stops, waiting for a passphrase.
In other words: it seems I need to remove all keyslots, old
ones, enrolled in the past for which TPMs do not exist any
more, except for the one I know is valid, only then system
boots with TPM, no passphrase prompt.
Any thoughts much appreciated.
many thanks, L.
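
Added example (not part of the original post, and not systemd or cryptsetup code): a header with several TPM2 enrollments, as described above, can be inventoried from the LUKS2 JSON metadata that `cryptsetup luksDump --dump-json-metadata` prints, listing each systemd-tpm2 token with its keyslot and PCRs before deciding what to wipe. The sample header is constructed, the function names are hypothetical, and the metadata cannot show which enrollment matches the TPM currently in the machine.

```python
import json

# Constructed sample, trimmed to the fields used here, in the shape printed by
# `cryptsetup luksDump --dump-json-metadata <device>` for a LUKS2 header.
SAMPLE = json.loads("""
{
  "keyslots": {"0": {"type": "luks2"}, "1": {"type": "luks2"}, "2": {"type": "luks2"}},
  "tokens": {
    "0": {"type": "systemd-tpm2", "keyslots": ["1"], "tpm2-pcrs": [7], "tpm2-pcr-bank": "sha256"},
    "1": {"type": "systemd-tpm2", "keyslots": ["2"], "tpm2-pcrs": [0, 7], "tpm2-pcr-bank": "sha256"},
    "2": {"type": "systemd-tpm2", "keyslots": [], "tpm2-pcrs": [0, 7], "tpm2-pcr-bank": "sha256"}
  }
}
""")


def tpm2_enrollments(meta):
    """One record per systemd-tpm2 token, ordered by token id."""
    rows = []
    for tid, tok in sorted(meta.get("tokens", {}).items(), key=lambda kv: int(kv[0])):
        if tok.get("type") != "systemd-tpm2":
            continue
        slots = [str(s) for s in tok.get("keyslots", [])]
        rows.append({
            "token": int(tid),
            "keyslots": slots,
            "pcrs": tok.get("tpm2-pcrs", []),
            "bank": tok.get("tpm2-pcr-bank"),
            # Token points at no keyslot, or at one that is no longer in the header.
            "dangling": not slots or any(s not in meta.get("keyslots", {}) for s in slots),
        })
    return rows


def keyslots_without_token(meta):
    """Keyslots no token refers to: normally passphrase or key-file slots."""
    used = {str(s) for t in meta.get("tokens", {}).values() for s in t.get("keyslots", [])}
    return sorted((k for k in meta.get("keyslots", {}) if k not in used), key=int)


def review_candidates(meta):
    """TPM2-bound keyslots to check by hand when more than one enrollment exists."""
    rows = [r for r in tpm2_enrollments(meta) if not r["dangling"]]
    return [s for r in rows for s in r["keyslots"]] if len(rows) > 1 else []


if __name__ == "__main__":
    for row in tpm2_enrollments(SAMPLE):
        print(row)
    print("keyslots without token:", keyslots_without_token(SAMPLE))
    print("TPM2 keyslots to review:", review_candidates(SAMPLE))
```

On a real system, feed the function `json.loads()` of the command's output instead of `SAMPLE`, and keep at least one keyslot without a token (a passphrase or recovery key) before wiping anything.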