LUKS devices bound to TPM2 are not decrypted anymore after boot

Solution Verified - Updated -

Issue

  • After installing a system through the network and kickstart with a %post script to automatically unlock the LUKS devices through TPM2, the LUKS devices do not get automatically unlocked

  • After installing a system using the DVD and kickstart with a %post script to automatically unlock the LUKS devices through TPM2, the LUKS devices do not get automatically unlocked

  • A system which has its LUKS devices bound to TPM2 no longer gets its devices unlocked automatically at boot, even though this was working in the past

Environment

  • Red Hat Enterprise Linux 8
    • LUKS used for root devices
    • Clevis TPM2 decryption
