Is it required to enable 'clevis-luks-askpass.path' service while using TPM2 with LUKS

Solution Verified - Updated -


  • While using TPM2 with LUKS is it necessary to manually enable clevis-luks-askpass.path service?

  • The upstream documentation for clevis mentions that above service is required:

    However, RHEL 8.7 release notes mentions that users do not need to enable this service:
    1.1. Major changes in RHEL 8.7:
    Snip from above release notes:

    Changes in the system configuration and the clevis-luks-systemd subpackage
    enable the Clevis encryption client to unlock also LUKS-encrypted volumes
    that mount late in the boot process *without* using the systemctl enable    <---
    clevis-luks-askpass.path command during the deployment process. 


  • Red Hat Enterprise Linux 8.7
  • Red Hat Enterprise Linux 9.1
  • LUKS encryption with TPM2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content