How to enable TPM 8/9 on OpenSUSE Leap 15.6?

gwangmu · May 12, 2026, 1:22pm

Hello,

I’m trying to configure the OpenSUSE kernel to record PCR 8/9 during boot, but I cannot find any information about this online. The MicroOS instruction (https://en.opensuse.org/Portal:MicroOS/RemoteAttestation) doesn’t seem to work on my OpenSUSE Leap 15.6 VM, and any other OpenSUSE Leap materials seem to talk about encrypted storage, not measured boot (which requires PCR 8/9).

I’m using a VM with an image “openSUSE-Leap-15.6-Minimal-VM.x86_64-kvm-and-xen.qcow2” in the image download page. Could someone advise me or point me to online resources I can look into?

Thank you,
Gwangmu

malcolmlewis · May 12, 2026, 1:55pm

@gwangmu You do realize the Leap 15.6 is not longer supported and end of life?

MicroOS uses systemd-boot, different kettle of fish, so to speak…

This may be of interest https://forums.opensuse.org/t/question-about-full-disk-encryption-and-tpm-2-0-without-secureboot/184797

gwangmu · May 13, 2026, 6:15pm

@malcolmlewis Thank you for the quick reply and for the heads-up about systemd-boot (for MicroOS).

Regarding the original question, I happened to find the solution on my own. Grub2 documentation said PCRs 8 and 9 are only recorded with (U)EFI (https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html), and I found out that my VM was using BIOS instead of UEFI (https://itsfoss.com/check-uefi-or-bios/). Recreating the VM with UEFI made PCRs 8/9 non-zero. (https://www.howtoforge.com/enable-uefi-support-on-kvm-virtualization/; “–boot uefi” to “virt-install” was all I needed.)

system · May 20, 2026, 6:16pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.